Missing topics, thoughts, and discussion

@lirantal hope all is well my brotha from anotha motha :)

Few topics felt I needed to address that were missing.

salt & hashing - using bcrypt-nodejs vs bcrypt
securing api end-points - using passport-local strategy
JWT - using passport-jwt strategy
CORS - various express plugins

RE: usage with bcrypt

It has issues with windows and linux os. Mind you it depends on the linux distributions (redhat/ubuntu/debian). Some of the problems for both are os env variables utilizing node-gyp python >=2.5 and <3.0 version

my suggest is to mention that it exists and this is an alternative work around to avoid messing around with compilers, additional c++ packages, and pointing your os env variable to python >=2.5 and <3.0 version as most are preinstalled with python >3.0

RE: usage with passport-local strategy

probably one of the most straight fwd implementation that quickly wires up securing api-end points with auth module of your choice (JWT or Cookie/Sessions)

my suggestion is to elaborate more on why you would want to consider using this and why its one of the most used local auth stradegy. In a world where everything seems to be going microservices (ex: api servers and seperatation of the front-end) vs monolith architecture.

Re: JWT

gotta talk a about use of JSON Web Tokens. Very easy to wire up, ex: using passport-jwt strategy

my suggestion is to elaborate more on this subject and provide example

RE: CORS

there should be some mention of this regarding the usage, Several express CORS libraries on the subject. There are various express plugins libraries.

my suggestion is to elaborate more on this subject and provide example

So far enjoy the straight forwardness of the book with clear explanations, and straight to the point recommendations for each topic.

Currently reviewing and re-reviewing...

lirantal / essential-nodejs-security-book

Missing topics, thoughts, and discussion #2