There is zero reason why you should roll your own auth. Your app is not special.

  • 4
    But... what if it is? :(
  • 4
    But what if all current auth solutions are utter shit *ehem* node *ehem*
  • 4
    Well of course it's not.

    Not by itself.

    The auth is what MAKES it special :)
  • 3
    I made my own auth for my ledger web app. It stores a hash of the password in an encrypted backend. I'm pretty proud of it. That said, only I use the app. I didn't write it with the intent of anybody else using it. Another app I wrote uses a module that interfaces with corporate AD to check passwords. I wrote the code that handles the sessions and cookies, but I leave the storage of credentials to the company.
  • 8
    I'd rather not let clients/users sign in through mass surveillance integrated services (Facebook, Google and such) so that rules out a lot and I can't be 100 percent sure that every other auth service does hashing and whether or not they properly secure their shit.

    Therefore I choose to do it myself. Am I saying that I'm better at this than huge ass companies? Definitely not (per definition), it's just that I have a hard time trusting companies/external parties with this data and next to that, if they have an outage...
  • 2
    Another good reason why you should write your auth yourself is that it won't be deprecated by some 3rd Party.
  • 1
    Nothing is ever going to be special if you don't claim it
  • 3
    Roll your own crypto?

    Roll your own auth?
    Why not? It's not exactly difficult. Do you roll your own leftpad, or let someone else handle that, too?
  • 1
    @Root hahaha
  • 2

    There's really a need for a middleman 'one and done' SSO service, that anyone can use as an API on their website, to decouple usernames from Facebook/Google/Microsoft/Twitter profiles.

    It would go a long way, or at least be a big step to taking back our privacy from these megacorps.