Your project this week is to build a web app that authenticates users and stores user-specific data in a SQLite database.
Before you start writing features you need to create a security plan. This should be a section in your
README.md that describes how you will secure your app and mitigate different potential attacks.
- Will you store session info in a cookie (stateless) or in your database (stateful)?
- How will you check a user’s identity (authentication)?
- How will you control what actions a user can take (authorization)?
- How will you mitigate Cross-site Request Forgery (CSRF) attacks?
- What really is the difference between session and token based authentication
- JSON Web Tokens suck
- CSRF prevention
- As a user, I want to: submit information to your site for anyone to see
- As a user, I want to: come back to your site later and see what I posted is still there
- As a user, I want to: be the only person allowed to delete my stuff
Since this project is open-ended you’ll need to write your own more specific user stories once you know what you want to build.
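One way the answers to the security plan questions above fit together with the "only I can delete my stuff" story, as an added example that is not part of this brief (Python with the standard-library sqlite3 module; the table layout, function names and sample data are all assumptions): sessions are stateful, so the cookie carries only a random id that is looked up in SQLite; passwords are verified with PBKDF2; every session gets a CSRF token that must accompany any state-changing request; and deletion is scoped to the owner's user id.

```python
import hashlib, hmac, secrets, sqlite3

def open_db():
    # In-memory SQLite database constructed for this example; a real app would use a file.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT UNIQUE, salt BLOB, pw_hash BLOB);
        CREATE TABLE sessions(id TEXT PRIMARY KEY, user_id INTEGER, csrf TEXT);
        CREATE TABLE posts(id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT);""")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(db, name, password):
    salt = secrets.token_bytes(16)  # per-user salt; only the hash is stored, never the password
    cur = db.execute("INSERT INTO users(name, salt, pw_hash) VALUES (?, ?, ?)",
                     (name, salt, _hash(password, salt)))
    return cur.lastrowid

def login(db, name, password):
    # Authentication: verify the password, then create a server-side (stateful) session.
    # The returned id is all that goes into the cookie; user id and CSRF token stay in the DB.
    row = db.execute("SELECT id, salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None or not hmac.compare_digest(_hash(password, row[1]), row[2]):
        return None
    sid, csrf = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)", (sid, row[0], csrf))
    return sid

def csrf_token(db, sid):
    # Rendered into each form as a hidden field; a forged cross-site request cannot read it.
    row = db.execute("SELECT csrf FROM sessions WHERE id = ?", (sid,)).fetchone()
    return row[0] if row else None

def _session_user(db, sid, token):
    # Look the cookie up server-side and reject any request whose CSRF token does not match.
    row = db.execute("SELECT user_id, csrf FROM sessions WHERE id = ?", (sid,)).fetchone()
    if row is None or token is None or not hmac.compare_digest(row[1].encode(), token.encode()):
        return None
    return row[0]

def create_post(db, sid, token, body):
    user = _session_user(db, sid, token)
    if user is None:
        return None
    return db.execute("INSERT INTO posts(user_id, body) VALUES (?, ?)", (user, body)).lastrowid

def delete_post(db, sid, token, post_id):
    # Authorization: the DELETE is scoped to the caller's user id, so only the owner can succeed.
    user = _session_user(db, sid, token)
    if user is None:
        return False
    return db.execute("DELETE FROM posts WHERE id = ? AND user_id = ?", (post_id, user)).rowcount == 1
```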
- Founders & Coders book sharing system
- Food / coffee recommendations around Founders & Coders
- Founders & Coders events calendar