Skip to main content

The Advantage of Using HTTP Default Authorization Scheme #DigitalSecurity

Author Bill Tanthowi Jauhari
pixabay.com


Hello Everyone, This day I would like to introduce you to the default header for authorization in HTTP.

HTTP auth scheme is a guide or standardization scheme for the authorization header in the HTTP protocol. this standard is using key Authorization in the header and followed by a value that usually filled by key or token. for example :

Authorization : <type> <key/token>

 this standard is the solution of the key header for authorization that really random was provided by developers to build an authorization header for their application, in my experience, developers used to "token" for their key in the header that usually followed by the hash value. the random key makes developers using more time for writing code for getting header key and validating the value which is you could use the library and focus on writing the logic of your application.

Depend on Mozilla site, HTTP auth scheme divided by 4 types, such as :
  1. Basic (see RFC 7617, base64-encoded credentials. See below for more information.),
  2. Bearer (see RFC 6750, bearer tokens to access OAuth 2.0-protected resources),
  3. Digest (see RFC 7616, only md5 hashing is supported in Firefox, see bug 472823 for SHA encryption support),
  4. HOBA (see RFC 7486, Section 3, HTTP Origin-Bound Authentication, digital-signature-based),
  5. Mutual (see RFC 8120),
  6. AWS4-HMAC-SHA256 (see AWS docs).
for more information on how to use it, you could read the journal RFC above. 

nowadays developers using token (read: hash value) for authorization, and most of them using JWT (JSON web token). the JWT itself already recommending a lot of libraries that developers could use for supporting their authorization.

if you use JWT, you could pick one of the libraries depending on your language. the library itself is already supporting HTTP Auth Scheme, so you just need to configure the auth by yourself such as the type of algorithm and the secret key for the hash. also, the JWT is already supporting for Bearer Authorization Standard which is the newest and the most secure for authorization, until this article posted.

Conclusion


The standard HTTP Auth Scheme is the standard that supporting developers to makes building authorization easily and more secure, you could use the custom key but in case you need faster and more secure way, the standard is the best choice for you.

Malang, Kota Malang, Jawa Timur, Indonesia

Popular posts from this blog

Laravel Tips : Membuat Model, Migration dan Controller dengan Sekali Jalan

Author Bill Tanthowi Jauhari
  php artisan adalah generator laravel yang berfungsi untuk membuat file kodingan dengan mudah, seperti membuat controller, model, seeder, migration dan masih banyak lagi. artisan hanya bisa di lakukan di dalam lingkungan console, seperti cmd dan terminal. berikut akan saya tunjukan cara membuat controller, model, migration menggunakan php artisan. # membuat controller ketikkan perintah di bawah ini php artisan make:controller BlogController # membuat model ketikkan perintah di bawah ini php artisan make:model Blog # membuat migration ketikkan perintah di bawah ini php artisan make:migration blog # membuat seeder ketikkan perintah di bawah ini php artisan make:seeder BlogSeeder # membuat migration, controller, dan model sekaligus ketikkan perintah di bawah ini php artisan make:model -crm Blog perintah di atas akan mengenerate controller dengan nama BlogController dengan keadaan Resource method tertulis, m...
Read More »

Automatic API Documentation Swagger in Golang #GolangDev

Author Bill Tanthowi Jauhari
pixabay.com In this article, I'll explain how to generate an API blueprint instantly using SwagGo in Golang. API blueprint is a document that contains a bunch of API endpoints, its slickly same as documentation but less description, it's allow another programmer to read and see all the available endpoint and try it out with sandbox feature. Swagger is one of the most used API blueprints right now, it's available in free but limited usage. if you wanna use the free credit, you need to understand YAML notation, you can read the example notation in swagger official documentation. but again, it's really hard and takes an expensive time to arranges all the notation to achieve a good API blueprint. fortunately, there are tools in Golang that allow us to generate the YAML notation and automatically generate the blueprint page with only using markup notation, and it's FREE unlimited for self-host, insane right? SwagGo tools are available here , the documentation is very cl...
Read More »

Langkah-Langkah Membersihkan Virus Shortcut Versi 3.x

Author
  Virus Shortcut adalah virus yang menampakkan dirinya dalam bentuk shortcut, dalam penyebarannya virus ini menggunakan media penyimpanan dan membuat shortcut di dalam penyimpanan tersebut lalu mengaktifkan dirinya dengan cara memanfaatkan kelemahan pengguna untuk meng klik shortcut tersebut. Tujuan dari virus ini sangat sederhana, hanya ingin menyebarkan dirinya ke komputer korban dan membuat komputer korban menjadi sarangnya, tanpa merusak isi atau file dari komputer korban, maka dari itu virus ini di golongkan menjadi virus junk (baca:virus sampah). virus shorcut yang terbaru di tandai dengan hilangnya semua file dan folder kita saat pertama kali membuka media penyimpanan seperti flashdisk dan memory card, tetapi ada satu file yaitu file shortcut yang memiliki nama sesuai nama media penyimpanan kita. apabila kita klik shortcut tersebut maka akan muncul window explorer baru dan file kita akan muncul semua. apabila anda menemui tanda-tanda seperti di atas, maka m...
Read More »