22
gitpush
7y

yay! Almost done learning basics Nodejs REST :D

Now time to learn how to make gitlab auto build and test, then new features to my little project

Next in line:
Testing UI in React Js/Native T_T

Comments
  • 0
    @jschmold thanks man, but how do I do csrf tests? I just ddg it, never knew about it honestly, any link where I can see an example of how to test it?
  • 0
    @jschmold thank you so much really appreciate your help
    What I'm going to do according to what I understood:
    I return a JWT token for now, I'm thinking of adding session id to its data plus a session token (CSRF) to return with each request
    Link CSRF and session ID in database.

    But my question is, how long do I make TTL of the JWT token? For now I keep it 24 hours, but I don't think it is a sufficient solution for end user having to renew login everyday. I was planning on reading about refresh tokens after exams, do you have any suggestions?
  • 0
    @jschmold excuse my noob question I'm good in programming but was never given the task tried handling security stuff in code it was always someone else's responsibility :/
    And I want to learn as obvious my unit test was missing lots of check tests :/
  • 0
    @jschmold not a top security app, but assume on a rooted phone database was stolen (doubt this will happen) and hacker obtained that token, is there a way other than matching device ID with token so that I prevent this token from being used from a different device?
  • 0
    @jschmold thanks man, linuxxx here recommended this https://owasp.org/index.php/...
    For securing a service, anything else I need to check
  • 0
    @jschmold not talking about online db but on local db where I store user auth token, if that is stolen from the user how to make sure user account is still safe?
  • 0
    @jschmold ok then, thank you for all the info luckily it all came in beginning of weekend 😀
    As for Linux and linuxxx don't worry, they had their share of my million questions 😅
  • 0
    @jschmold oh and you're next in line for my million questions if I get stuck at some point 😓😅
  • 0
    @jschmold even better thank you 😀😀
  • 1
    @jschmold Why store csrf data in a persistent database? And thanks for your comment, I guess I'm a competent sysadmin now 😊
  • 1
    What's the screenshot from?
  • 1
    Good for you! Keep going.
  • 0
    @missingmarshall it is from VS Code after completing the test

    @lunorian I prefer to have my own API since in that case I only have to care about the cost of the server and not reach a point where my app needs more power and having to pay more on Firebase

    @telephantasm thanks man :)