Man you know what's awesome? When you've been studying web dev for a few months and you're familiar with 90% of what was done here :) Awesome talk, thanks!
The deeper you go and the more experienced you become, the faster this feeling will fade away. You are welcome.
@ReivenIV Dunning-Kruger is a hell of a drug
The best talk on authentication, and i needed this for nodejs. This is perfect!
SO MUCH COVERED IN 30 MINS!!!!! AWESOME EXPLANATION!!!!!!
One of the best technical talks I have ever watched.
Great talk by a bodybuilder..
developers should take care of their health more than others. because they sit all day night
he just did 1 push-up when he got an error
This is a great beginner guide for really basic authentication. I was hoping this would be a talk about different types of authentication. I guess I should have read the video description. I know I'm 5 years late to the party but maybe somebody else will see my comment and spare themselves a half an hour. (not trying to knock the guy, just the title was misleading and not what I was looking for)
Hey! Hello
I'm a beginner in all this and I'm very interested in this topic, do you have recommendations about what sources (books, videos, free courses) I can use to learn more about authentication?
dude stop developing and go with the education business. you are king. very very explanatory. thank you very much.
I love this guy 😂 I love the language and how he sees things. You can say he really understands what he’s talking about from the first second.
This man is a legend , his video is 100% useful and straightforward
Thank you so much for this
Loved the talk and the presentation. Unfortunate that they cut the time in half. Would've loved to hear more about new auth techniques like auth2.0, open id, authentication with serverless architectures and JAM stack. Honestly I don't know much about them either, still learning.
This was very insightful. I had to rewatch the last half just to solidify the concepts.
Thanks.
Give this dude an hour next time :) Great talk!
Really good explanation, many thanks. Couple of points though
(1) Passwords should be "salted" prior to hashing
(2) SSL is now deprecated, TLS should be used
I think the time was too strict to speak about it. but bcrypt by default uses salts.
$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
\__/\/ \____________________/\_____________________________/
Alg Cost      Salt                        Hash
🙌
Thank you
bcrypt automatically generates a random salt and salts the password before hashing
I saw the Talk from 2015 and this looks the same but the 2015 talk was so good , I am gonna watch this one
He was very efficient with his time slot! Great talk
So glad CSRF was included.
Damn that might be one of the best presentations I have seen in a while
Amazing talk for so many reasons. JWTs are still popular as the next shiny toy and 6 years later only 8,000 views.
Good 🌹 morning Sir and to ALL thanks for the business updated God bless to ALL 💕❤️👍✔️👌🥇☺️ the times 💕❤️👍✔️
Sir, you are requested to make some video that elaborates API / web-sockets oAuth and related stuff. I don't have a programming background, but your video made much of the things easier than easy. :-)
Very clean and easy to follow overview!
Thanks for watching!
He is talented and verbose. Thanks man
This is the best tutorial for web authentication. Thanks Twilio
wow! loved the talk
I got Goosebumps. Awesome talk.
This sharing is awesome, shared the basic concept of authentication in really short time.
beautiful! [this comes from the men that don't use exclamation marks lightly].
This guy is amazing, learned so much.
Amazing talk, covered important concepts in a short time.
top web dev video all time!
Great security tips by a bodybuilder!
Unbelievable quality of the material. Biiiiiiig LIKE!
This is mana from heaven
Lots of things are packed together to form a nice presentation. Just like a body builder lol
I have a question, can somebody help me?
At 2:47 he says that for the sake of simplicity for this video he was going to put all the login of the app inside server.js file *but*, he says that we should never do that in the real world.
My question is, then what should we do? separate files in modules in JS? or something like that?
Sorry if I said something stupid but I'm just starting on this... thank you
at 15:32 shouldn't it be checking for a session token or something not the user_id?
Same thing I was thinking. The session cookie seems to be the user._id and if this bit of info is leaked to the public, then it's easy to mimic a session of another user just by setting the cookie manually.
This is how I saw it. I may be missing something.
@haopeiyang3443 I guess, to avoid this, the "httpOnly"-flag is used
It is checking for the req.session.userId because that is set on the server after a successful login (14:44). This is not coming from the client.
Wouldn't you be able to add the req.user field manually with something like postman and trick the server into thinking you are a user?
Let's actually implement that sh*t 😂
Hey, look! I only have 30 mins and that's why I’ll spend half of the time describing the toolset
right..lol
I wish he had a full course
Great talk, thanks!!!
Bravo! This guy is a BEAST
Absolutely perfect explanations!
Interesting talk.
great talk but salting is very important too
Kudos for keeping it short.
what if you have more than one server? Will the authentication still work?
You have done gr8 job bro.
I did the same and it took me 5-6hrs configuring passport.js and then I came here
Clear Explanation... Thank you so much...
Learned so much in 30mins!
That password would have been way more secure if he would have added a second '!'.
Omg, I finally get it! Thanks a ton!!
Great talk!!!
this isn't anything you wanted to know about authentication, but is a decent tutorial on node servers, which is kind of the opposite, plus oral potty fixation
very helpful session!
Thanks Rambo Guy!
7 minutes in and authentication has not even started
I've seen 100 seconds videos about modern authentication methods that cover more info than this one
he is a chad in developer community
you should get 1hr. awesome talk bro
Amazing talk!
brooooooo thank you so much
You are the best! Thank you
how about basic authentication?
Is he researching authentication? I think he is preparing to beat me ;)
6:27 how can I visualize this JSON?
This guy rocks!
very useful
thank you!
What a great content.
Misleading title. Authentication and Web Authentication are 2 different things.
Perfect!
amazing stuff
Awesome...
That was awesome!
Awesome!
Thank you!
great
Gold
be my boss
good
checking data replication strategy for youtube
Perfect 👌🏽
More Thanks for your help! We received your information, GOD BLESS, SIR!
ISAIAH 41:2,7,25 GOLDSMITH
thanks dude!! that's legit!!
♥️♥️♥️
7:05 if u know u know
perfect
what a chad
Thank u
Here is the 50 minutes version
th-cam.com/video/i7of02icPyQ/w-d-xo.html
Nice joke about Canadian police :D
This guy needs a more professional vocabulary.
I don't like it when they start dropping F bombs in a professional talk. You are not chillin with your buddies. Be professional.
I thought it was a bit awkward as well, but the rest of the talk was fantastic.
Oh shut up you snowflakes...
eh most programmers I know swear. I didn't even notice he was swearing
the yahoo joke is pretty lame