Can you speak to how you've accomplished this in the past? I'm interested in learning more about this security concern from your perspective! Thanks!
For me, I have treated PUT and POST requests as if they are forms in the past.
I will usually sanitise them and check for any SQL injections.
Besides that, I will also check that it has the right permission based upon the user account to execute PUT or POST.
This might be in the form of a JWT, by requiring that it be sent along with the request.
This will also be required to be sent through an HTTPS connection to encrypt the data and prevent further attacks like man-in-the-middle.
A starting point for API security is OWASP Top 10 API Security.
Absolutely! I definitely did not write this article with an emphasis on security; however, everything you've suggested I would consider to be best practice. I might consider writing something about JWT tokens or security in general in the future.
As for security, I've fallen in love with Identity Server. It makes implementing authentication very simple and secure. I'll definitely be checking out the links you've referenced though.
Thanks!