Am making a cloud-base POS
Unanswered
Mini Lop posted this in #help-forum
Mini LopOP
I’m planning to build a secure login API for vendors selling Point of Sale (POS) systems. Here’s what I currently have:
Database: MySQL
API Language: PHP
Security: SSL/TLS 1.3 implemented
I haven't started the actual development yet, and I’m seeking advice on how to effectively implement the secure login process. Here are my specific questions:
Login Authentication: What methods should I use to securely check a vendor's email and password? Is password hashing necessary, and if so, which algorithms are recommended?
Session Management: How can I manage vendor sessions securely after login? Should I consider using JWT tokens or traditional session IDs? What are the security implications of each?
API Structure: What best practices should I follow to design my API endpoints to ensure that only authorized vendors have access to specific functionalities?
Error Handling: What strategies should I implement for error handling during login to avoid revealing sensitive information?
Additional Security Measures: Are there any other essential security practices or tools I should consider implementing to protect user data?
I appreciate any insights or recommendations you can provide as I embark on this project!
(gpt generated text, i wont know what to say as am not good explaining)
Database: MySQL
API Language: PHP
Security: SSL/TLS 1.3 implemented
I haven't started the actual development yet, and I’m seeking advice on how to effectively implement the secure login process. Here are my specific questions:
Login Authentication: What methods should I use to securely check a vendor's email and password? Is password hashing necessary, and if so, which algorithms are recommended?
Session Management: How can I manage vendor sessions securely after login? Should I consider using JWT tokens or traditional session IDs? What are the security implications of each?
API Structure: What best practices should I follow to design my API endpoints to ensure that only authorized vendors have access to specific functionalities?
Error Handling: What strategies should I implement for error handling during login to avoid revealing sensitive information?
Additional Security Measures: Are there any other essential security practices or tools I should consider implementing to protect user data?
I appreciate any insights or recommendations you can provide as I embark on this project!
(gpt generated text, i wont know what to say as am not good explaining)
2 Replies
I think this video covers most of what you need
- Forms and server actions
- error handling on login
- Session management
- JWT
- middleware to protect routes
https://www.youtube.com/watch?v=N_sUsq_y10U
it is based on the docs here
https://nextjs.org/docs/app/building-your-application/authentication
- Forms and server actions
- error handling on login
- Session management
- JWT
- middleware to protect routes
https://www.youtube.com/watch?v=N_sUsq_y10U
it is based on the docs here
https://nextjs.org/docs/app/building-your-application/authentication
@chisto I think this video covers most of what you need
- Forms and server actions
- error handling on login
- Session management
- JWT
- middleware to protect routes
https://www.youtube.com/watch?v=N_sUsq_y10U
it is based on the docs here
https://nextjs.org/docs/app/building-your-application/authentication
Mini LopOP
thank you, but mostly i need api getaway php to make the verification, as we hold every data, from clients info to company info/ condetruals/prodcuts info/ orders/ and other