Users and Security
Overview
So far in the course, all users have been treated the same. Everyone has had the right to add, edit, and delete data, even if the data was not created by them. In this part, we look into how to register users and how to log in to the application. We also look into how to keep track of the users and how to verify that the users are only using the parts of the application they are allowed to use. We finally briefly look into a few common web security flaws and how to avoid them.
The structure of this part is as follows:
- Authentication and Authorization introduces key concepts related to having users, and discusses methods used to track users in web applications.
- Passwords and Users discusses storing passwords as hashes and shows how to create a registration form and a login form.
- Form Actions shows how to handle form submissions in SvelteKit on the server that serves the client-side application, which in part avoids the problem of sending sensitive data in the URL.
- Tracking Users with Cookies demonstrates the use of cookies to track users and display user-specific content from cookies.
- Cookies and JWTs expands on the chapter on tracking users with cookies, using tokens to pass information between the client and the server.
- Protecting Routes and Data shows how to protect routes and data based on user authentication and authorization.
- Role-Based Access Control introduces Role-Based Access Control (RBAC) and how it can be implemented in web applications.
- Web Security Basics discusses some basic web security flaws and points to resources for further reading.
- Overarching Project continues with the overarching project.
Finally, at the end of the part, there is a recap and feedback chapter that briefly summarizes the part and asks for feedback on it.