jamesplease / backbone.simple-auth

A basic cookie-based client-side auth service for Backbone apps.
MIT License

Use btoa/atob for increased security #12

Open jamesplease opened 9 years ago

jamesplease commented 9 years ago

http://tools.ietf.org/html/rfc2617

//cc @thejameskyle

jamiebuilds commented 9 years ago

I think all you need for compliance is btoa and atob.

jamesplease commented 9 years ago

lol wat

jamiebuilds commented 9 years ago

https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64.btoa https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64.atob

jamesplease commented 9 years ago

@thejameskyle, I looked into some security resources to see if I could find anyone explaining what sort of attack this prevents / how to implement it, and I couldn't find anything. I'm probably just bad at googling, though.

This seemed to be related to cross site request forgeries, so I googled that, and here's what I found:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet https://en.wikipedia.org/wiki/Cross-site_request_forgery

Do you have any links that explain what sorts of attacks this prevents, and how to prevent it?
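To answer the question above in code: btoa and atob are the browser's base64 encode and decode functions, and base64 is exactly the wire format RFC 2617 prescribes for Basic credentials (`Basic` followed by base64 of `userid:password`). Base64 is a reversible encoding, not encryption, so using it buys RFC 2617 compliance, not confidentiality; only TLS on the connection and sensible cookie handling protect the credential in transit and at rest. The example below is added here and is not code from this thread or from the backbone.simple-auth project; the function names `basicAuthHeader` and `decodeBasicAuthHeader` are my own, and the Buffer-based fallbacks are assumed only for older Node versions that lack the btoa/atob globals.

```javascript
// Added example (not from the backbone.simple-auth project): builds an
// RFC 2617 Basic credential with btoa and shows that atob reverses it,
// i.e. base64 is an encoding for the header, not a protection.

// Fallbacks so the snippet also runs on older Node versions without the
// btoa/atob globals (assumption: Buffer is available there).
const b64encode = typeof btoa === 'function'
  ? btoa
  : (s) => Buffer.from(s, 'binary').toString('base64');
const b64decode = typeof atob === 'function'
  ? atob
  : (s) => Buffer.from(s, 'base64').toString('binary');

// RFC 2617 section 2: credentials = "Basic" SP base64("userid:password").
// The user-id must not contain ":" because it is the field separator.
function basicAuthHeader(userId, password) {
  if (userId.includes(':')) {
    throw new Error('RFC 2617 forbids ":" in the user-id');
  }
  return 'Basic ' + b64encode(userId + ':' + password);
}

// Whoever can read the header (a proxy log, a stored cookie, a browser
// extension) recovers the plaintext with atob. Only the first ":" splits
// user-id from password, so passwords may contain colons.
function decodeBasicAuthHeader(header) {
  const m = /^Basic\s+([A-Za-z0-9+/]+=*)$/.exec(header);
  if (!m) return null;
  const decoded = b64decode(m[1]);
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  return { userId: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Constructed sample values: encode, then show the round trip.
const header = basicAuthHeader('alice', 'correct horse battery staple');
const recovered = decodeBasicAuthHeader(header);
console.log(header);
console.log(recovered.userId, recovered.password);
```

`basicAuthHeader('Aladdin', 'open sesame')` yields the RFC's own example value, `Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==`, and `decodeBasicAuthHeader` hands the password straight back, which is the whole point: check the box for RFC 2617 compliance with btoa, but treat the cookie that holds this value as the secret it is.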