Security Concerns Lab

Implementing Security Measures

In the lesson today, we discussed concepts. Now, we are going to put these concepts into practice! Open your MVC Message Logger application (the mod3 project). Add the following features:

Remove Connection Strings

Using either secrets management or environment variables, remove the database connection string from your application.

Make sure that you run your application to make sure that it still works!!

✅Write up an explanation of the steps you took to achieve this, and send it to your instructors!

Hashing Data

Update your application to:

• Include a password on the user model
  • When a user is created, the password should be stored as a digest in the database
• Ask for a user’s password when they try to log in
  • They should only be able to add new messages if they provide a matching password

You can use these user stories to help guide the implementation:

As a User
When I visit '/users/new'
Then I see a form to create a new user with a name, username, and password

As a User
When I Complete the form
Then I am redirected to the new user's page
  And I can create messages for that user

✅Send a screenshot of the controller action that creates a user to your instructors!

As a User
When I visit '/users'
  And I click on 'Log In'
Then I am taken to '/users/<username>/login'

As a User
When I visit 'users/<username>/login'
Then I see a form asking for a password

When I enter the password for that user
Then I am redirected to that user's page
  And I can create messages for that user

As a User
When I visit 'users/<username>/login'
Then I see a form asking for a password

When I enter an incorrect password for that user
Then I am redirected back to '/users'

✅Reach out to another member of the cohort for some code-review!