In this post, we are going to talk about the following:
How does HTTPS work?
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). HTTPS transmits encrypted data using Transport Layer Security (TLS). If the data is intercepted in transit, all the eavesdropper gets is ciphertext that cannot be read without the key.
How is the data encrypted and decrypted?
Step 1 – The client (browser) and the server establish a TCP connection.
Step 2 – The client sends a “client hello” to the server. The message contains the set of encryption algorithms (cipher suites) it supports and the latest TLS version it can support. The server responds with a “server hello” so the browser knows whether it can support those algorithms and that TLS version.
The server then sends its SSL certificate to the client. The certificate contains the public key, hostname, expiry dates, etc. The client validates the certificate.
Step 3 – After validating the SSL certificate, the client generates a session key and encrypts it using the public key. The server receives the encrypted session key and decrypts it with its private key.
Step 4 – Now that both the client and the server hold the same session key (symmetric encryption), the encrypted data is transmitted over a secure bi-directional channel.
Why does HTTPS switch to symmetric encryption for data transmission? There are two main reasons:
1. Security: asymmetric encryption works in only one direction. This means that if the server tried to send encrypted data back to the client using its private key, anyone could decrypt that data with the public key.
2. Server resources: asymmetric encryption adds a lot of mathematical overhead. It is not suitable for data transmission over long sessions.
Over to you: how much performance overhead does HTTPS add, compared to HTTP?
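The key exchange of Steps 3 and 4 worked through as an added Go example (not code from the original post): the server's RSA key pair is generated in-process as a stand-in for the certificate, the client wraps a random session key with RSA-OAEP, and both sides then protect application data with AES-256-GCM; the `must` helper and all function names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)
// must panics on error so the handshake steps below read linearly.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// Step 2 stand-in: the server's long-lived key pair; its public half is what the certificate carries.
func newServerKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }
// Step 3, client: draw a fresh 256-bit session key and wrap it with the server's public key (RSA-OAEP).
func clientKeyExchange(pub *rsa.PublicKey) (sessionKey, wrapped []byte) {
	sessionKey = make([]byte, 32)
	must(rand.Read(sessionKey))
	wrapped = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil))
	return sessionKey, wrapped
}
// Step 3, server: only the private key can unwrap the session key; an eavesdropper learns nothing.
func serverUnwrap(priv *rsa.PrivateKey, wrapped []byte) []byte {
	return must(rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil))
}
// Step 4: data in both directions uses AES-256-GCM under the shared key; the GCM tag rejects tampering.
func seal(key, plaintext []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, plaintext, nil) // wire format: nonce || ciphertext || tag
}
func open(key, msg []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if n := gcm.NonceSize(); len(msg) >= n {
		return gcm.Open(nil, msg[:n], msg[n:], nil)
	}
	return nil, fmt.Errorf("record too short")
}
func main() {
	priv := newServerKey()
	key, wrapped := clientKeyExchange(&priv.PublicKey)                       // client -> server
	reply := seal(serverUnwrap(priv, wrapped), []byte("HTTP/1.1 200 OK")) // server -> client
	fmt.Printf("%q\n", must(open(key, reply)))
}
```

This mirrors the RSA key-exchange flow the steps describe; TLS 1.3 instead derives the session key with ephemeral Diffie-Hellman so that a later private-key compromise cannot decrypt recorded traffic, but the switch to a symmetric AEAD for application data is the same.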
How to store passwords safely in the database, and how to validate a password?
Let's take a look.
Things NOT to do
🔹 Storing passwords in plain text is not a good idea because anyone with internal access can see them.
🔹 Storing password hashes directly is not sufficient because it is prone to precomputation attacks, such as rainbow tables.
🔹 To mitigate precomputation attacks, we salt the passwords.
What is a salt?
According to OWASP guidelines, “a salt is a unique, randomly generated string that is added to each password as part of the hashing process”.
How to store a password and salt?
1️⃣ A salt is not meant to be secret, and it can be stored in plain text in the database. It is used to ensure that the hash result is unique to each password.
2️⃣ The password can be stored in the database using the following format: hash(password + salt)
How to validate a password?
To validate a password, it goes through the following process:
1️⃣ A client enters the password.
2️⃣ The system fetches the corresponding salt from the database.
3️⃣ The system appends the salt to the password and hashes it. Let's call the hashed value H1.
4️⃣ The system compares H1 and H2, where H2 is the hash stored in the database. If they are the same, the password is valid.
Over to you: what other mechanisms can we use to ensure password safety?
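The store-and-validate flow above as an added Go example (not code from the original post): the page's generic hash(password + salt) is instantiated here with PBKDF2-HMAC-SHA256, implemented inline for one output block so that each guess is deliberately slow, and the comparison in step 4 is done in constant time; `Record`, `Store`, `Validate` and the 100000 iteration count are this example's own choices.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

const iterations = 100000 // work factor: raise it until one hash costs ~100 ms on your hardware
// Record is the database row: the salt in plain text beside the stored hash (H2).
type Record struct{ Salt, Hash []byte }
// pbkdf2 is PBKDF2-HMAC-SHA256 for one 32-byte block: U1 = HMAC(pw, salt||INT(1)), Ui = HMAC(pw, Ui-1), XOR all Ui.
func pbkdf2(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1})
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}
// Store draws a fresh 16-byte random salt per user and keeps hash(password, salt).
func Store(password string) Record {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return Record{Salt: salt, Hash: pbkdf2([]byte(password), salt, iterations)}
}
// Validate fetches the user's salt, recomputes H1 and compares it with the stored H2
// in constant time, so response timing does not reveal how many bytes matched.
func Validate(rec Record, password string) bool {
	h1 := pbkdf2([]byte(password), rec.Salt, iterations)
	return subtle.ConstantTimeCompare(h1, rec.Hash) == 1
}
func main() {
	rec := Store("correct horse battery staple")
	fmt.Println(hex.EncodeToString(rec.Salt), Validate(rec, "correct horse battery staple"), Validate(rec, "Tr0ub4dor&3"))
}
```

A bare SHA-256 of password + salt would satisfy the stored format but is fast enough to brute-force offline; any deliberately slow, salted password hash (bcrypt, scrypt, Argon2) serves the same purpose as the PBKDF2 used here.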
How to learn design patterns?
Besides reading a lot of well-written code, a book can guide us like a teacher.
Head First Design Patterns, second edition, is the one I would recommend.
When I began my journey in software engineering, I found it hard to understand the classic textbook, Design Patterns, by the GoF. Luckily, I discovered Head First Design Patterns in the college library. This book solved a lot of puzzles for me. When I went back to the Design Patterns book, everything seemed familiar and more understandable.
Last year, I bought the second edition of Head First Design Patterns and read through it. Here are a few things I like about the book:
🔹 This book solves the problem of software's abstract, “invisible” nature. Software is hard to build because we cannot see its architecture; its details are embedded in the code and binary files. It is even harder to understand software design patterns, because these are higher-level abstractions of the software. The book fixes this by using visualization. There are lots of diagrams, arrows, and comments on almost every page. If I don't understand the text, it's no problem. The diagrams explain things very well.
🔹 We all have questions we are afraid to ask when we first learn a new skill. Maybe we think it's an easy one. This book is good at tackling design patterns from the student's point of view. It guides us by asking our questions and clearly answering them. There is a Guru in the book, and there is also a Student.
Over to you: which book helped you understand a challenging topic? Why do you like it?