App Security and npm Quiz

bcrypt is used to hash passwords and other sensitive information before storing them in a database. Hashing is a security measure that converts sensitive data into a fixed-length string of characters, making it difficult for attackers to decipher the original data. This helps protect against breaches by ensuring that even if the database is compromised, the original passwords and sensitive information remain secure.

jsonwebtoken is used to create and verify JSON Web Tokens (JWTs), which are a means of representing claims between two parties securely.

JWTs are commonly used for authentication and information exchange in web development.

The package allows developers to create tokens containing information (claims) that can be verified by the receiving party to ensure their authenticity and integrity.

This helps enhance app security by enabling secure communication and verification of user identity.

Authorization in app security controls what users can do in the application. It decides which parts of the app a user can access based on their identity and role. This prevents unauthorized access to sensitive data and features, ensuring that users only have access to what they're supposed to.

Authentication in app security is like proving you are who you say you are. It's the process of verifying your identity, typically by entering a username and password, to access an app. This helps ensure that only the right people can get into the app and keeps out unauthorized users.

dotenv helps keep sensitive information, like passwords or API keys, safe by storing them in a separate file. It loads these details into the app securely, so they're not exposed in the code.

Mongoose is an Object Data Modeling (ODM) tool for MongoDB in Node.js that helps ensure that data in a MongoDB database is stored correctly. It does this by defining rules for how data should look (like a blueprint) and checking that new data meets those rules before saving it. This helps prevent mistakes and keeps data safe and organized.

Managing user accounts is significant in app security for several reasons. One of the primary purposes is to prevent unauthorized access to sensitive information and functionalities within an application. By managing user accounts, applications can enforce authentication mechanisms, such as username/password combinations or multifactor authentication, to verify the identity of users before granting access.

Auditing involves tracking and recording user activity within the application for analysis, compliance, and security purposes.