Fix grammar and typos for 09.0.md [en]
@@ -1,16 +1,16 @@
|
||||
# 9 Security and encryption
|
||||
Security is important with Web application. This topic been getting more and more attention lately, especially in recent CSDN, Linkedin and Yahoo password leaks. As Go developers, we must be aware of vulnerabilities in our application and take precautions to prevent attackers from taking over our system.
|
||||
Security is an extremely important aspect of most web applications. This topic has been getting more and more attention lately, especially in light of the recent CSDN, Linkedin and Yahoo password leaks. As Go developers, we must be aware of vulnerabilities in our applications and take precautions in order to prevent attackers from taking over our systems.
|
||||
|
||||
Many Web application security problems are due to the data provided by a third-party. For example, user input should be validated and sanitized before being stored as secure data. If this isn't done then when the data is outputted to the client, it may cause a cross-site scripting attack (XSS). If unsafe data is used database queries, then it may cause a SQL injection. In sections 9.3, 9.4 we'll look at how to avoid these problems.
|
||||
Many of the security problems that arise in modern web applications originate from data provided by third-parties. For example, user input should always be validated and sanitized before being stored as secure data. If this isn't done, when the data is outputted to a client, it may cause a cross-site scripting attack (XSS). Similarly, if unsafe data is used directly as your application's database queries, then you may be vulnerable to SQL injection attacks. In sections 9.3 and 9.4, we'll look at how to avoid these problems.
|
||||
|
||||
When using third-party data, including user-supplied data, first verify the integrity of the data by filtering the input. Section 9.2 describe how to filter input.
|
||||
When using third-party data (which includes user-supplied data), first verify the integrity of the data by filtering the input. Section 9.2 will describe how to filter input.
|
||||
|
||||
Unfortunately, filtering input and escaping output does not solve all security problems. We will explain in section 9.1 cross-site request forgery (CSRF) attacks.
|
||||
This is a malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
|
||||
Unfortunately, filtering input and escaping output does not solve all security problems. In section 9.1, we will explain cross-site request forgery (CSRF) attacks.
|
||||
This is a malicious exploit where unauthorized commands are transmitted from a user that the website trusts.
|
||||
|
||||
Adding encryption can also include the security of our Web application. In section 9.5 we will describe how to store passwords safely.
|
||||
Keeping confidential data encrypted can also help you to secure your web applications. In section 9.5, we will describe how to store passwords safely using Go's encryption package.
|
||||
|
||||
A good hash function makes it hard to find two strings that would produce the same hash value, which describes one way encryption. There is also two-way encryption, that is where you use a key to decrypt encrypted data. In section 9.6 we will describe how to perform one-way and two-way encryption.
|
||||
A good hash function makes it hard to find two strings that would produce the same hash value, and this is one way with which we can encrypt our data. There is also two-way encryption, where you use a secret key to decrypt encrypted data. In section 9.6 we will describe how to perform both one-way and two-way encryption.
|
||||
|
||||
|
||||
## Links
|
||||
|
||||
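Review bot: In the last changed paragraph, the new wording "and this is one way with which we can encrypt our data" drops the term "one way encryption" that the old line carried, so the next sentence's "There is also two-way encryption" and the closing "both one-way and two-way encryption" no longer have a defined counterpart, and hashing now reads as just another way to encrypt data. Suggest keeping the term, for example "..., which is the property behind one-way encryption". In the section 9.5 line, the added clause "using Go's encryption package" is a claim the old line did not make and it names no package; either name the package that section 9.5 actually uses or drop the clause. Since this commit is a typo pass, "Linkedin" in the first paragraph could also be corrected to "LinkedIn" in the same change.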