wwwhisper add-on for Node.js

The wwwhisper Heroku add-on is now available for Node.js. As with the Ruby Rails/Rack version the setup is just a matter of three lines of config that enable the wwwhisper auth middleware.

One of the goals of wwwhisper is to decouple authentication and authorization logic from the application business logic. Such approach allows to easily enable auth without changing business logic at all, but it has also security benefits. The Open Web Application Security Project summarizes it nicely:

‘A common mistake is to perform an authorization check by cutting and pasting an authorization code snippet into every page containing sensitive information. Worse yet would be re-writing this code for every page. Well written applications centralize access control routines, so if any bugs are found, they can be fixed once and the results apply throughout the application immediately.’

Posted by Jan Wrobel; January 08, 2014

All posts

• Improving Unit Test Coverage with Gemini
• Shapespark
• wwwhisper add-on for Node.js
• Object Oriented Programming with closures
• wwwhisper add-on released
• DoS attack on CDN users
• wwwhisper add-on update
• Underhanded C Contest
• wwwhisper add-on update
• Random walk illustrated with D3
• Django DB Pool on Heroku
• wwwhisper Heroku add-on
• C++ puzzle
• Productivity Tip of the Week
• wwwhisper on OpenShift
• Sibling domains cookies isolation