What I’m trying to build
- REST-API using Express and SQLite
- 5 to 10 authors should be able to post articles to
- except them, no one is allowed to post anything
My approach to build it
- authors are stored in the database
- password matched with regex and hashed with salt
- provide a login route for authors to login
- after login, a JWT is sent to the author
I have built APIs like that a couple of times for school, but never in production.
I am really worried that this approach may not be safe. I thought about using Auth0 or some other IDaaS providers, but I’d rather do it by myself, especially because I am not sure if the free plans of these providers cover all features I need.
To conclude, what are the security risks of building the authentication by yourself? Can I make my approach more secure? Are there better "workflows" to implement a form of authentication for my problem?
Like in a certain way in MySQL.
CREATE USER 'dbuser'@'10.1.0.1' IDENTIFIED BY 'password';
GRANT USAGE on *.* to 'dbuser'@'10.1.0.1';
We are not using any mongodb tools except for Robo
Which MacBook/MacBook Pro models are the last ones that let users easily change/replace/upgrade the battery, memory, and hard drive? Now (year 2021) no MacBook/MacBook Pro allows the user an easy upgrade. Easy upgrade means Apple allows the user to upgrade without losing the warranty.