Hashing is a method that transforms a password into a fixed-length string of characters, called a hash, which is computationally infeasible to reverse. Once a password is hashed, only the hash is stored, never the actual password. When you enter your password, it is hashed again and compared to the stored hash. If they match, you are granted access.
bcrypt: a library (and algorithm) to hash passwords.
bcrypt is an adaptive password hashing algorithm built on the Blowfish key schedule; it is a one-way hash function, not a symmetric encryption algorithm.
Why use bcrypt? To secure stored passwords with an adaptive hashing algorithm that is resistant to various password-cracking methods.
Basic Authentication is a simple authentication scheme built into the HTTP protocol. The client sends a username and password with each request for validation. However, these credentials are sent in plain text and can be easily intercepted unless the connection is encrypted with SSL/TLS.
Which header carries Basic Auth credentials? The Authorization header.
What is the header value? Basic followed by the encoded credentials.
What do the credentials consist of? username:password
How is username:password in Basic Auth encoded? Base64 encoding (which does not provide any security and is easily decoded).
Authentication is the process of verifying who you are. When you log into a website, you provide your credentials (like username and password). These are checked against the stored credentials for that user. If they match, the system confirms your identity and you’re granted access.
Error messages should be informative enough to help users correct their mistakes, but they shouldn’t reveal too much information that could aid an attacker. For instance, instead of saying “Invalid password”, it’s safer to say “Invalid username or password”, so you don’t disclose that a particular username exists.