TheIronYard--Orlando / FEE--2015--SPRING
Class projects for the Front-End Engineering cohort of @TheIronYard--Orlando for Spring 2015
Creative Commons Zero v1.0 Universal
Assignment 26: More Beautiful
#310 (Closed)
al-the-x closed 9 years ago
al-the-x commented 9 years ago
- [ ] Homework Review
  - [X] Merge Conflicts suck.
  - [X] Pulling data out of an API
  - [ ] Use an auth token with an API? (see below)
- [ ] Retrospective
  - What did we do well? What should we continue?
  - What should we improve? What should we stop?
  - Did we meet our goals and why?
- [x] Authentication vs Authorization
  - Who are you? How do I know?
  - Are you allowed to perform an action?
  - What actions are you allowed to perform?
  - User / Action / Resource
- [x] Authentication
  - Credentials: Username & Password
    - HTTP Basic / Digest
    - Form-based authentication
  - Credentials: Unsigned Token
    - via HTTP query string param
    - via HTTP header
    - via HTTP cookie value
      - http-only
  - Credentials: Signed with Pre-Shared Key (PSK)
    - signed via SSL/TLS
    - signed via OAuth 1.0a
- [x] Authorization
  - Permissions: CRUD vs BREAD
    - Example: Unix read-write-execute
    - Example: GitHub Issues vs Commits
  - Permissions: Explicit vs Implicit
  - Permissions: Liberal vs Conservative
  - Permissions: Inheritance
- [ ] Security Considerations
  - Same-Origin Security Policy
  - Cross-Origin Resource Sharing
  - JSONP (A Creative Hack)
  - Server-Side Proxy
  - http-only