DEV Community


Discussion on: Make one resolution this year. Never write your own Authentication

matthewpalmer9 profile image
Matthew Palmer

There is definitely a problem with suggesting we leave it to other companies as though we are incapable of the security ourselves. The truth of the matter is that those companies are "reinventing the wheel." There are backend frameworks, such as Ruby on Rails, built to maintain security through password hashing, automatic CSRF attack protection, JWT web token gems, and pretty much all.the security you need. Front-end libraries like React also take care of security measures on the client-side.

If you suggest we "leave it to the experts" persay, you're leaving no room for aspiring developers to become that expert. There is a lot of value in encouraging people to not only understand how to use the technology, but also WHY it works the way it does.

jordanfinners profile image
Jordan Finneran Author

I would never say that people are incapable of it, there are plenty of people and applications that do a great job!
However, I would rather (and encourage everyone to) spend time building the value that my application provides than setting up auth every time and all the associated things that need thinking about. :)

I would encourage everyone to read and play around with learning how authentication works and the principles, however that is not a reason to roll your own out into production.

Forem Open with the Forem app