Security best practices
It's time to discuss the best security practices, without which this story would not be complete:
- Do not retain the password: HTTP basic authentication is deprecated, so use other techniques such as OAuth to build a more secure application that follows standards. Use secure OAuth tokens instead of passwords.
- Perform input validation: You should always sanitize all input data. Check string length, validate file types, and check minimum and maximum values to be sure that all the data sent to the server via the POST request is in the proper format and length.
- Filter input and sanitize output: You should always filter all the data that comes from the client to the web server and sanitize all the data going back to the client.
- Use a secure connection: Use a TLS certificate to establish a secure connection between the web browser and the server, so that all REST APIs or AJAX requests go over TLS. TLS in conjunction with OAuth is a safe and suggested solution...
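As an added example (not code from the book), here is how the input validation and output sanitization items above might look in JavaScript for a POST body: the schema, field names and sample bodies are assumptions, and the file-type check reads the file's magic bytes rather than trusting the type the client declares.

```javascript
// Assumed schema, field names and samples (not the book's code). Magic bytes reveal a
// file's real type; the client-supplied Content-Type header can be set to anything.
const FILE_SIGNATURES = {
  'image/png': [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
  'image/jpeg': [0xff, 0xd8, 0xff],
};

function detectFileType(bytes) {
  for (const [type, sig] of Object.entries(FILE_SIGNATURES)) {
    if (bytes.length >= sig.length && sig.every((b, i) => bytes[i] === b)) return type;
  }
  return null;
}

// One rule per expected field: string length, numeric bounds, file-type allowlist.
const SCHEMA = {
  title: { type: 'string', minLength: 1, maxLength: 80 },
  quantity: { type: 'number', min: 1, max: 1000 },
  avatar: { type: 'file', allowedTypes: ['image/png', 'image/jpeg'] },
};

// Returns the list of validation errors; an empty list means the body is acceptable.
function validateInput(body, rules = SCHEMA) {
  const errors = [];
  for (const [field, rule] of Object.entries(rules)) {
    const value = body[field];
    if (value === undefined || value === null) { errors.push(`${field}: missing`); continue; }
    if (rule.type === 'string') {
      const len = typeof value === 'string' ? value.trim().length : -1;
      if (len < rule.minLength || len > rule.maxLength) errors.push(`${field}: bad length`);
    } else if (rule.type === 'number') {
      if (!Number.isFinite(value) || value < rule.min || value > rule.max) errors.push(`${field}: out of range`);
    } else if (rule.type === 'file') {
      const realType = detectFileType(value.bytes || new Uint8Array());
      if (!rule.allowedTypes.includes(realType)) errors.push(`${field}: file type not allowed`);
    }
  }
  // Reject fields the schema does not know, so nothing unvalidated reaches the handler.
  for (const field of Object.keys(body)) if (!(field in rules)) errors.push(`${field}: unexpected field`);
  return errors;
}
// Escape data on the way back to the client so stored text cannot become markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}
// Constructed sample bodies: one valid, one that breaks every rule (its declared type lies too).
const goodBody = { title: 'Quarterly report', quantity: 10, avatar: { bytes: new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0]) } };
const badBody = { title: '', quantity: 5000, avatar: { mimetype: 'image/png', bytes: new Uint8Array([0x3c, 0x68, 0x74, 0x6d]) }, isAdmin: true };
```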