Information Well

Here we are, continuing our discussion on authorization and authentication. If you have red my previous article then you would have known by now how important these concepts are and why these need to be implemented efficiently. But in the previous article, we only talked about them and didn't look at how to actually implement them. Cybersecurity is so vast field that we can't understand all of its complexities in one article but what we can do is we can start with some pretty basic stuff and move along to provide our application some sort of security. So in this article we'll see how can we implement authentication checks in server-client systems and specifically in web applications. But for other type of applications like desktop apps, mobile apps you can follow the same procedure although the technology would be different. Lets have a look what we are gonna learn today:- Our Goal General Procedure Answers to some General Questions Cookie Theft Our Goa

Authentication and Authorization are 2 independent concepts both of which are constituents of security. Authentication , in a vague manner, means to recognize someone and Authorization depicts to give that person some permissions. To understand it more better, a really simple example would be to know these concepts regarding to operating systems. When we log into our computer the OS checks whether our credentials match to any user of the computer. That is what we call authentication. Once the OS finds a match, it logs us into the computer. Now if we want to open a file then the operating system checks whether we have permission to do so or not. This is the time when the OS is authorizing us. If we have permission then OS will open the file for us otherwise it won't. So in this post we'll see how can we implement these features in any system and take safety measures to prevent intrusions. This post can be a bit boring but its actually a building block of what we'll learn i