SlideShare a Scribd company logo

validation of user credentials in social network by using Django backend authentication

Download as PPTX, PDF
I
izzatisholehah

1) The document discusses validation of user credentials in social networks using Django backend authentication. It aims to configure a Django framework platform for authentication, integrate token-based authentication, and test the backend authentication in a social network. 2) The problems with traditional username and password authentication are that it increases server overhead with many users authenticating and credentials can be accessed via HTTP requests. Token-based authentication is proposed to address these issues. 3) The proof of concept implements Django authentication with token-based authentication by installing Django/DRF, configuring the backend server, integrating token authentication, and connecting the backend to an API for social network credential validation.

Education
1 of 30
NUR IZZATI SHOLEHAH AZLAN 043772 SUPERVISOR: EN. AHMAD FAISAL AMRI ABIDIN @ BHARUN BACHELOR OF SCIENCE COMPUTER (COMPUTER NETWORK SECURITY) WITH HONORS FINAL YEAR PROJECT1 CSF35104
VALIDATION OF USER CREDENTIALS IN SOCIAL NETWORK BY USING Title FYP DJANGO BACKEND AUTHENTICATION
Process Model-Framework01 Data Model-Logical data02 Proof of concept03 Solution Complexity04
Introduction • Authentication backends provide an extensible system. Its allow the ability to change the method to checks user credentials. • This project is leveraged Django framework due to it is comes with a user authentication system which consist of backend authentication. • Apply token based authentication in backend authentication .
Problem statement • Every time a user is authenticated, the server will need to create a record somewhere on our server. This is usually done in memory and when there are many users authenticating, the overhead on your server increases. Username and password not secure because cookies can be accessed by the server by parsing the Cookie HTTP request header. • Need to hook into another authentication source – another source of usernames and password or authentication methods.
OBJECTIVE  To study validation of user credentials in social network focusing on backend authentication.  To configure a Django framework platform for authentication backend server.  To integrate token based authentication technique as integral part of Django based authentication backend server.  To test Django framework backend authentication in social network.
Framework
1) Install Python and Django 2) Configure Django and Django Rest Framework 3) Configure Django framework platform for authentication backend server 4) Integrate token-based authentication technique as integral part of Django based authentication backend server 5) Build an API6) Backend server connect an API and request check credential 9) User got token 7) Social network validates user credential and sent back to backend using API. 8) Django framework Backend server communicate with user
Social network application If valid credentials Data model Request credentials yes Client stores that token and sends it along with every request Start Got token no Backend server Validated from Django.contrib.admin Django.contrib.auth Rest framework End If Server Verifies token yes no
Proof of concept Django is Python web framework Pip(Package manage for python) Virtualenv(Provide a dedicated environment for each Django project)
Proof of concept Install Django use pip
Proof of concept Use PyCharm manage.py • DJANGO_SETTINGS_MODULE
Proof of concept
Proof of concept Run the server manage.py on the project
Proof of concept Development server is running at
Django Rest Framework . • Django Rest Framework, one of the most popular python package meant for Django to develop rest api’s and it made things really easier from authentication to responses each everything
Proof of concept Install Django using pip Markdown Django- -filter
Proof of concept Then create a dedicated migration file and migrate ch ange to the project database.
Proof of concept Create super user
Proof of concept DATA MODEL
Proof of concept aa
Proof of concept Check the server if have error with the code.
Proof of concept Login Django with the password you set in the server.
Proof of concept
Solution Complexity Technique: Token based authentication
Expected Result SERVER
Reference Felix. (2014, April 23). felixthea. Retrieved from Frontend vs Backend: Learn Before Hiring a Freelance Developer: http://felixthea.com/frontend-vs-backend/ justmobiledev. (2017, November 12). justmobiledev. Retrieved from HOME: http://justmobiledev.com/token-based-versus- cookie-based-authentication-methods/ Lee, J. (2017, November 14). makeuseof.com. Retrieved from The Pros and Cons of Two-Factor Authentication Types and Methods: https://www.makeuseof.com/tag/pros-cons-2fa- types-methods/
Reference Denis, S. (2018, January 10). protectimus.com. Retrieved from The Pros and Cons of Different Two-Factor Authentication Types and Methods: https://www.protectimus.com/blog/two- factor-authentication-types-and-methods/ DigitalOcean. (2011-2018). django-rest-framework.org. Retrieved from Django Rest Framework: https://www.django- rest-framework.org/#installation Django software, f. (2015-2018). Djangoproject. Retrieved from Django: https://docs.djangoproject.com/en/2.1/topics/auth/customizing/
Reference MICHAEL, C. (n.d.). compukol. Retrieved from Social Media vs Social Networking: https://www.compukol.com/social-media- vs-social-networking/ Samanage. (2014, june 24). samanage.com. Retrieved from What is Multifactor Authentication?: https://blog.samanage.com/it-asset-management/multifactor- authentication-challenges-and-benefits/ Sarita Yardi, N. F. (2008, August 18). Photo Based Authentication using social networks. p. 5.
Reference Sevilleja, C. (2015, January 21). The Ins and Outs of Token Based Authentication. Retrieved from scotch.io: https://scotch.io/tutorials/the-ins-and-outs-of-token-based- authentication sslayo. (2015, october). I Will Create PHP Scripts That Use Any Web Api. Retrieved from fiverr.com: https://www.fiverr.com/sslayo/create-php-scripts-that-use-any- web-api Steven, H. (23, May 2017). Advantages and Disadvantages of Django. Retrieved from hackernoon.com: https://hackernoon.com/advantages-and-disadvantages-of- django-499b1e20a2c5

Recommended

Javacro 2014 Spring Security 3 Speech
Javacro 2014 Spring Security 3 SpeechJavacro 2014 Spring Security 3 Speech
Javacro 2014 Spring Security 3 Speech
Fernando Redondo Ramírez
 
Introduction to OWASP & Web Application Security
Introduction to OWASP & Web Application SecurityIntroduction to OWASP & Web Application Security
Introduction to OWASP & Web Application Security
OWASPKerala
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
OWASP Delhi
 
Spring Security 3
Spring Security 3Spring Security 3
Spring Security 3
Jason Ferguson
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & Testing
Deepu S Nath
 
Spring Security Introduction
Spring Security IntroductionSpring Security Introduction
Spring Security Introduction
Mindfire Solutions
 
What's New in spring-security-core 2.0
What's New in spring-security-core 2.0What's New in spring-security-core 2.0
What's New in spring-security-core 2.0
Burt Beckwith
 
Spring Security
Spring SecuritySpring Security
Spring Security
Boy Tech
 

Recommended

Javacro 2014 Spring Security 3 Speech
Javacro 2014 Spring Security 3 SpeechJavacro 2014 Spring Security 3 Speech
Javacro 2014 Spring Security 3 Speech
Fernando Redondo Ramírez
 
Introduction to OWASP & Web Application Security
Introduction to OWASP & Web Application SecurityIntroduction to OWASP & Web Application Security
Introduction to OWASP & Web Application Security
OWASPKerala
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
OWASP Delhi
 
Spring Security 3
Spring Security 3Spring Security 3
Spring Security 3
Jason Ferguson
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & Testing
Deepu S Nath
 
Spring Security Introduction
Spring Security IntroductionSpring Security Introduction
Spring Security Introduction
Mindfire Solutions
 
What's New in spring-security-core 2.0
What's New in spring-security-core 2.0What's New in spring-security-core 2.0
What's New in spring-security-core 2.0
Burt Beckwith
 
Spring Security
Spring SecuritySpring Security
Spring Security
Boy Tech
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
Marco Morana
 
Spring security
Spring securitySpring security
Spring security
Saurabh Sharma
 
Hacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 PluginHacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 Plugin
Burt Beckwith
 
Spring Security
Spring SecuritySpring Security
Spring Security
Sumit Gole
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
Scott Hurrey
 
Server Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep JadonServer Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep Jadon
Mandeep Jadon
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptal
jbsysatm
 
Security asp.net application
Security asp.net applicationSecurity asp.net application
Security asp.net application
ZAIYAUL HAQUE
 
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
Artur Barseghyan
 
[Wroclaw #6] Introduction to desktop browser add-ons
[Wroclaw #6] Introduction to desktop browser add-ons[Wroclaw #6] Introduction to desktop browser add-ons
[Wroclaw #6] Introduction to desktop browser add-ons
OWASP
 
Security in java ee platform: what is included, what is missing
Security in java ee platform: what is included, what is missingSecurity in java ee platform: what is included, what is missing
Security in java ee platform: what is included, what is missing
Masoud Kalali
 
Abusing Exploiting and Pwning with Firefox Addons
Abusing Exploiting and Pwning with Firefox AddonsAbusing Exploiting and Pwning with Firefox Addons
Abusing Exploiting and Pwning with Firefox Addons
Ajin Abraham
 
Java EE Application Security With PicketLink
Java EE Application Security With PicketLinkJava EE Application Security With PicketLink
Java EE Application Security With PicketLink
pigorcraveiro
 
Securing java web applications
Securing java web applicationsSecuring java web applications
Securing java web applications
Jonas Elias Flesch
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
OWASP
 
Spring security
Spring securitySpring security
Spring security
sakhibarun
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defense
amiable_indian
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS Enhancement
Guo Albert
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
Jesus Perez Franco
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know it
Security BSides London
 
How to Implement Token Authentication Using the Django REST Framework
How to Implement Token Authentication Using the Django REST FrameworkHow to Implement Token Authentication Using the Django REST Framework
How to Implement Token Authentication Using the Django REST Framework
Katy Slemon
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogic
Harihara sarma
 

More Related Content

What's hot

Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
Marco Morana
 
Spring security
Spring securitySpring security
Spring security
Saurabh Sharma
 
Hacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 PluginHacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 Plugin
Burt Beckwith
 
Spring Security
Spring SecuritySpring Security
Spring Security
Sumit Gole
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
Scott Hurrey
 
Server Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep JadonServer Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep Jadon
Mandeep Jadon
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptal
jbsysatm
 
Security asp.net application
Security asp.net applicationSecurity asp.net application
Security asp.net application
ZAIYAUL HAQUE
 
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
Artur Barseghyan
 
[Wroclaw #6] Introduction to desktop browser add-ons
[Wroclaw #6] Introduction to desktop browser add-ons[Wroclaw #6] Introduction to desktop browser add-ons
[Wroclaw #6] Introduction to desktop browser add-ons
OWASP
 
Security in java ee platform: what is included, what is missing
Security in java ee platform: what is included, what is missingSecurity in java ee platform: what is included, what is missing
Security in java ee platform: what is included, what is missing
Masoud Kalali
 
Abusing Exploiting and Pwning with Firefox Addons
Abusing Exploiting and Pwning with Firefox AddonsAbusing Exploiting and Pwning with Firefox Addons
Abusing Exploiting and Pwning with Firefox Addons
Ajin Abraham
 
Java EE Application Security With PicketLink
Java EE Application Security With PicketLinkJava EE Application Security With PicketLink
Java EE Application Security With PicketLink
pigorcraveiro
 
Securing java web applications
Securing java web applicationsSecuring java web applications
Securing java web applications
Jonas Elias Flesch
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
OWASP
 
Spring security
Spring securitySpring security
Spring security
sakhibarun
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defense
amiable_indian
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS Enhancement
Guo Albert
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
Jesus Perez Franco
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know it
Security BSides London
 

What's hot (20)

Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
 
Spring security
Spring securitySpring security
Spring security
 
Hacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 PluginHacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 Plugin
 
Spring Security
Spring SecuritySpring Security
Spring Security
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
Server Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep JadonServer Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep Jadon
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptal
 
Security asp.net application
Security asp.net applicationSecurity asp.net application
Security asp.net application
 
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
 
[Wroclaw #6] Introduction to desktop browser add-ons
[Wroclaw #6] Introduction to desktop browser add-ons[Wroclaw #6] Introduction to desktop browser add-ons
[Wroclaw #6] Introduction to desktop browser add-ons
 
Security in java ee platform: what is included, what is missing
Security in java ee platform: what is included, what is missingSecurity in java ee platform: what is included, what is missing
Security in java ee platform: what is included, what is missing
 
Abusing Exploiting and Pwning with Firefox Addons
Abusing Exploiting and Pwning with Firefox AddonsAbusing Exploiting and Pwning with Firefox Addons
Abusing Exploiting and Pwning with Firefox Addons
 
Java EE Application Security With PicketLink
Java EE Application Security With PicketLinkJava EE Application Security With PicketLink
Java EE Application Security With PicketLink
 
Securing java web applications
Securing java web applicationsSecuring java web applications
Securing java web applications
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
 
Spring security
Spring securitySpring security
Spring security
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defense
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS Enhancement
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
 
Agnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know it
 

Similar to validation of user credentials in social network by using Django backend authentication

How to Implement Token Authentication Using the Django REST Framework
How to Implement Token Authentication Using the Django REST FrameworkHow to Implement Token Authentication Using the Django REST Framework
How to Implement Token Authentication Using the Django REST Framework
Katy Slemon
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogic
Harihara sarma
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
Oliver Pfaff
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access Manager
Novell
 
Whys and Hows of Automation
Whys and Hows of AutomationWhys and Hows of Automation
Whys and Hows of Automation
vodQA
 
automation framework
automation frameworkautomation framework
automation framework
ANSHU GOYAL
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptx
Channa Ly
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with Spring
VMware Tanzu
 
A Case Study of Using Selenium IDE and WebDriver_Word Doc
A Case Study of Using Selenium IDE and WebDriver_Word DocA Case Study of Using Selenium IDE and WebDriver_Word Doc
A Case Study of Using Selenium IDE and WebDriver_Word Doc
Jabeen Shazia Posses H1 B Visa (Jazz)
 
Slides for Automation Testing or End to End testing
Slides for Automation Testing or End to End testingSlides for Automation Testing or End to End testing
Slides for Automation Testing or End to End testing
SwapnilNarayan
 
Distributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfDistributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdf
Nordic APIs
 
MongoDB.local Berlin: App development in a Serverless World
MongoDB.local Berlin: App development in a Serverless WorldMongoDB.local Berlin: App development in a Serverless World
MongoDB.local Berlin: App development in a Serverless World
MongoDB
 
A Review on Two Level Authentication Using Image Selection and Voice Recognition
A Review on Two Level Authentication Using Image Selection and Voice RecognitionA Review on Two Level Authentication Using Image Selection and Voice Recognition
A Review on Two Level Authentication Using Image Selection and Voice Recognition
IRJET Journal
 
Hacking mobile apps
Hacking mobile appsHacking mobile apps
Hacking mobile apps
kunwaratul hax0r
 
Full Angular 7 Firebase Authentication System
Full Angular 7 Firebase Authentication SystemFull Angular 7 Firebase Authentication System
Full Angular 7 Firebase Authentication System
Digamber Singh
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
CA API Management
 
Grand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdfGrand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdf
Sherman37
 
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays
 
MSWD:MERN STACK WEB DEVELOPMENT COURSE CODE
MSWD:MERN STACK WEB DEVELOPMENT COURSE CODEMSWD:MERN STACK WEB DEVELOPMENT COURSE CODE
MSWD:MERN STACK WEB DEVELOPMENT COURSE CODE
annalakshmi35
 
How to get started with the Pluggable Authentication System
How to get started with the Pluggable Authentication SystemHow to get started with the Pluggable Authentication System
How to get started with the Pluggable Authentication System
Matt Hamilton
 

Similar to validation of user credentials in social network by using Django backend authentication (20)

How to Implement Token Authentication Using the Django REST Framework
How to Implement Token Authentication Using the Django REST FrameworkHow to Implement Token Authentication Using the Django REST Framework
How to Implement Token Authentication Using the Django REST Framework
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogic
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access Manager
 
Whys and Hows of Automation
Whys and Hows of AutomationWhys and Hows of Automation
Whys and Hows of Automation
 
automation framework
automation frameworkautomation framework
automation framework
 
How to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptxHow to build Simple yet powerful API.pptx
How to build Simple yet powerful API.pptx
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with Spring
 
A Case Study of Using Selenium IDE and WebDriver_Word Doc
A Case Study of Using Selenium IDE and WebDriver_Word DocA Case Study of Using Selenium IDE and WebDriver_Word Doc
A Case Study of Using Selenium IDE and WebDriver_Word Doc
 
Slides for Automation Testing or End to End testing
Slides for Automation Testing or End to End testingSlides for Automation Testing or End to End testing
Slides for Automation Testing or End to End testing
 
Distributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfDistributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdf
 
MongoDB.local Berlin: App development in a Serverless World
MongoDB.local Berlin: App development in a Serverless WorldMongoDB.local Berlin: App development in a Serverless World
MongoDB.local Berlin: App development in a Serverless World
 
A Review on Two Level Authentication Using Image Selection and Voice Recognition
A Review on Two Level Authentication Using Image Selection and Voice RecognitionA Review on Two Level Authentication Using Image Selection and Voice Recognition
A Review on Two Level Authentication Using Image Selection and Voice Recognition
 
Hacking mobile apps
Hacking mobile appsHacking mobile apps
Hacking mobile apps
 
Full Angular 7 Firebase Authentication System
Full Angular 7 Firebase Authentication SystemFull Angular 7 Firebase Authentication System
Full Angular 7 Firebase Authentication System
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
Grand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdfGrand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdf
 
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
 
MSWD:MERN STACK WEB DEVELOPMENT COURSE CODE
MSWD:MERN STACK WEB DEVELOPMENT COURSE CODEMSWD:MERN STACK WEB DEVELOPMENT COURSE CODE
MSWD:MERN STACK WEB DEVELOPMENT COURSE CODE
 
How to get started with the Pluggable Authentication System
How to get started with the Pluggable Authentication SystemHow to get started with the Pluggable Authentication System
How to get started with the Pluggable Authentication System
 

Recently uploaded

Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
Krassimira Luka
 
Stack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 MicroprocessorStack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 Microprocessor
JomonJoseph58
 
A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
Steve Thomason
 
MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025
khuleseema60
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
indexPub
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
Himanshu Rai
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
Nguyen Thanh Tu Collection
 
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
RidwanHassanYusuf
 
Mule event processing models | MuleSoft Mysore Meetup #47
Mule event processing models | MuleSoft Mysore Meetup #47Mule event processing models | MuleSoft Mysore Meetup #47
Mule event processing models | MuleSoft Mysore Meetup #47
MysoreMuleSoftMeetup
 
CIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdfCIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdf
blueshagoo1
 
Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
Prof. Dr. K. Adisesha
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
HajraNaeem15
 
Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"
National Information Standards Organization (NISO)
 
Juneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School DistrictJuneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School District
David Douglas School District
 
Nutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour TrainingNutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour Training
melliereed
 
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptxChapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Denish Jangid
 
Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10
nitinpv4ai
 
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
TechSoup
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
MJDuyan
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
siemaillard
 

Recently uploaded (20)

Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
 
Stack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 MicroprocessorStack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 Microprocessor
 
A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
 
MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
 
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
 
Mule event processing models | MuleSoft Mysore Meetup #47
Mule event processing models | MuleSoft Mysore Meetup #47Mule event processing models | MuleSoft Mysore Meetup #47
Mule event processing models | MuleSoft Mysore Meetup #47
 
CIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdfCIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdf
 
Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
 
Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"
 
Juneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School DistrictJuneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School District
 
Nutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour TrainingNutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour Training
 
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptxChapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptx
 
Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10
 
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
 

validation of user credentials in social network by using Django backend authentication

  • 1. NUR IZZATI SHOLEHAH AZLAN 043772 SUPERVISOR: EN. AHMAD FAISAL AMRI ABIDIN @ BHARUN BACHELOR OF SCIENCE COMPUTER (COMPUTER NETWORK SECURITY) WITH HONORS FINAL YEAR PROJECT1 CSF35104
  • 2. VALIDATION OF USER CREDENTIALS IN SOCIAL NETWORK BY USING Title FYP DJANGO BACKEND AUTHENTICATION
  • 3. Process Model-Framework01 Data Model-Logical data02 Proof of concept03 Solution Complexity04
  • 4. Introduction • Authentication backends provide an extensible system. Its allow the ability to change the method to checks user credentials. • This project is leveraged Django framework due to it is comes with a user authentication system which consist of backend authentication. • Apply token based authentication in backend authentication .
  • 5. Problem statement • Every time a user is authenticated, the server will need to create a record somewhere on our server. This is usually done in memory and when there are many users authenticating, the overhead on your server increases. Username and password not secure because cookies can be accessed by the server by parsing the Cookie HTTP request header. • Need to hook into another authentication source – another source of usernames and password or authentication methods.
  • 6. OBJECTIVE  To study validation of user credentials in social network focusing on backend authentication.  To configure a Django framework platform for authentication backend server.  To integrate token based authentication technique as integral part of Django based authentication backend server.  To test Django framework backend authentication in social network.
  • 8. 1) Install Python and Django 2) Configure Django and Django Rest Framework 3) Configure Django framework platform for authentication backend server 4) Integrate token-based authentication technique as integral part of Django based authentication backend server 5) Build an API6) Backend server connect an API and request check credential 9) User got token 7) Social network validates user credential and sent back to backend using API. 8) Django framework Backend server communicate with user
  • 9. Social network application If valid credentials Data model Request credentials yes Client stores that token and sends it along with every request Start Got token no Backend server Validated from Django.contrib.admin Django.contrib.auth Rest framework End If Server Verifies token yes no
  • 10. Proof of concept Django is Python web framework Pip(Package manage for python) Virtualenv(Provide a dedicated environment for each Django project)
  • 11. Proof of concept Install Django use pip
  • 12. Proof of concept Use PyCharm manage.py • DJANGO_SETTINGS_MODULE
  • 14. Proof of concept Run the server manage.py on the project
  • 15. Proof of concept Development server is running at
  • 16. Django Rest Framework . • Django Rest Framework, one of the most popular python package meant for Django to develop rest api’s and it made things really easier from authentication to responses each everything
  • 17. Proof of concept Install Django using pip Markdown Django- -filter
  • 18. Proof of concept Then create a dedicated migration file and migrate ch ange to the project database.
  • 22. Proof of concept Check the server if have error with the code.
  • 23. Proof of concept Login Django with the password you set in the server.
  • 27. Reference Felix. (2014, April 23). felixthea. Retrieved from Frontend vs Backend: Learn Before Hiring a Freelance Developer: http://felixthea.com/frontend-vs-backend/ justmobiledev. (2017, November 12). justmobiledev. Retrieved from HOME: http://justmobiledev.com/token-based-versus- cookie-based-authentication-methods/ Lee, J. (2017, November 14). makeuseof.com. Retrieved from The Pros and Cons of Two-Factor Authentication Types and Methods: https://www.makeuseof.com/tag/pros-cons-2fa- types-methods/
  • 28. Reference Denis, S. (2018, January 10). protectimus.com. Retrieved from The Pros and Cons of Different Two-Factor Authentication Types and Methods: https://www.protectimus.com/blog/two- factor-authentication-types-and-methods/ DigitalOcean. (2011-2018). django-rest-framework.org. Retrieved from Django Rest Framework: https://www.django- rest-framework.org/#installation Django software, f. (2015-2018). Djangoproject. Retrieved from Django: https://docs.djangoproject.com/en/2.1/topics/auth/customizing/
  • 29. Reference MICHAEL, C. (n.d.). compukol. Retrieved from Social Media vs Social Networking: https://www.compukol.com/social-media- vs-social-networking/ Samanage. (2014, june 24). samanage.com. Retrieved from What is Multifactor Authentication?: https://blog.samanage.com/it-asset-management/multifactor- authentication-challenges-and-benefits/ Sarita Yardi, N. F. (2008, August 18). Photo Based Authentication using social networks. p. 5.
  • 30. Reference Sevilleja, C. (2015, January 21). The Ins and Outs of Token Based Authentication. Retrieved from scotch.io: https://scotch.io/tutorials/the-ins-and-outs-of-token-based- authentication sslayo. (2015, october). I Will Create PHP Scripts That Use Any Web Api. Retrieved from fiverr.com: https://www.fiverr.com/sslayo/create-php-scripts-that-use-any- web-api Steven, H. (23, May 2017). Advantages and Disadvantages of Django. Retrieved from hackernoon.com: https://hackernoon.com/advantages-and-disadvantages-of- django-499b1e20a2c5