Password Authentication for Web and Mobile Apps is a new book for web and mobile developers who want to learn how secure password authentication works and implement it in their apps.
It answers almost all questions that developers have about password authentication, such as how to store passwords securely, how to remember users, how to implement multi-factor authentication, etc.
Some other topics that it covers:
- Email address validation.
- Unicode issues in usernames, emails, and passwords.
- Secure randomness and UUIDs.
- U2F / WebAuthn.
- JWT and signed cookies.
- Five password hashing functions — PBKDF2, bcrypt, scrypt, yescrypt, Argon2 — and their issues and vulnerabilities.
- Client-side password prehashing.
- Rate limiting.
- and more…
The book is available at https://dchest.com/authbook/
Columnize is a little Go package that formats strings with separators into columns.
Continue reading columnize — format text into columns in Go
The standard Go log package is pretty barebones, but is fine for many simple programs. For more complex applications, though, you’d probably want to have different log levels for different events. There are many logging packages, such as the previously covered log15, that implement log leveling and provide other features. HashiCorp’s logutils is something different.
Continue reading logutils — enhanced Go logging
Amazon has published an Amazon Web Services SDK for the Go programming language. Currently it’s experimental, so expect bugs, but you can already use it to manage your AWS stuff.
Continue reading AWS SDK for Go
Go ships with the flag standard library package, which covers a lot of what’s needed to write command-line interfaces. However, if you need more power and better structure for your console apps, try codegangsta’s package cli.go.
Continue reading cli.go — better command-line applications in Go
If you need to read Git repositories from Go, instead of calling the git command-line tool, consider using gogit.
Continue reading gogit — read Git repositories from Go
Writing HTML document handling code with parsers is pretty hard. Even plain DOM tree walking can make your code look like spaghetti. That is why libraries like jQuery are popular: they make it easy to do queries and all sorts of other manipulations with HTML documents.
goquery is like jQuery, but in Go.
Continue reading goquery: jQuery-style HTML manipulation in Go
Manners is a Go package from Braintree that allows you to create a web server that you can gracefully shut down.
Continue reading manners — gracefully shutdown Go server
log15 is a powerful structured logging package for Go with a simple, easy-to-use API. It supports color output when logging to a terminal, and can also write to files, streams, syslog and network.
Continue reading log15 — powerful logging for Golang
If you want data persistence in your Go application, most likely you’re thinking of using some database. The easiest and probably the most convenient for deployment are embedded databases. There are many wrappers for C databases, however Go developers usually prefer pure Golang solutions.
Bolt is the way to go: it’s a pure Go embedded key/value database, which is easy to use for persistence in your Go projects. Bolt is similar to LMDB, which many consider the best among state-of-the-art modern key-value stores. Just like LMDB, and unlike LevelDB, BoltDB supports fully serializable ACID transactions. Unlike SQLite, it doesn’t have a query language, and is much easier to use for common things.
Bolt saves data into a single memory-mapped file on disk. It doesn’t have a separate journal, write-ahead log, or a thread for compaction or garbage collection: it deals with just one file, and does it safely.
Continue reading Bolt — an embedded key/value database for Go