Authentication & Authorization
Implement robust authentication and authorization mechanisms for processes and users accessing your Erlang services.
AuthN & AuthZ Explained
In distributed systems, knowing who is accessing your services and what they are allowed to do is critical for security. This is where authentication and authorization come in.
- Authentication (AuthN): Verifies the identity of a user or process. It answers the question, "Who are you?"
- Authorization (AuthZ): Determines if an authenticated user or process has permission to perform a specific action or access a resource. It answers, "What are you allowed to do?"
They work hand-in-hand to secure your Erlang applications.
Identifying Users
For user authentication, we typically verify credentials like a username and password. In Erlang, you might have a dedicated service (often a GenServer) responsible for managing user accounts and validating login attempts.
This service would receive a login request, check the provided credentials against stored data, and respond with either success or failure. On success, it might issue a session ID or token.
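The following gen_server sketches both halves of that flow and is an added example, not code from the course or from Erlang/OTP. It assumes a module name of `auth_server`, a constructed role-to-action permission table, and OTP 24.2 or later for `crypto:pbkdf2_hmac/5`. Login verifies a salted PBKDF2 hash with a constant-time compare and hands back a random session token; `authorize/2` then answers "what may this token do?" by looking the token up and checking the caller's role against the permission table. Unknown usernames still run the KDF so that a failed login takes the same time whether the user exists or not.

```erlang
-module(auth_server).
-behaviour(gen_server).

-export([start_link/0, add_user/3, login/2, logout/1, authorize/2, demo/0]).
-export([init/1, handle_call/3, handle_cast/2]).

-define(ITERATIONS, 100000).   % PBKDF2 work factor (tune for your hardware)
-define(SALT_BYTES, 16).
-define(KEY_BYTES, 32).

%% Assumed permission table for this example: which roles may perform which actions.
-define(PERMISSIONS, #{read_reports   => [admin, analyst],
                       delete_reports => [admin]}).

start_link() ->
    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).

%% Register a user; only the salt and derived hash are stored, never the password.
add_user(Username, Password, Role) ->
    gen_server:call(?MODULE, {add_user, Username, Password, Role}).

%% AuthN: exchange credentials for a session token.
login(Username, Password) ->
    gen_server:call(?MODULE, {login, Username, Password}).

logout(Token) ->
    gen_server:call(?MODULE, {logout, Token}).

%% AuthZ: may the holder of Token perform Action?
authorize(Token, Action) ->
    gen_server:call(?MODULE, {authorize, Token, Action}).

init([]) ->
    {ok, #{users => #{}, sessions => #{}}}.

handle_call({add_user, Username, Password, Role}, _From, State = #{users := Users}) ->
    Salt = crypto:strong_rand_bytes(?SALT_BYTES),
    Entry = #{salt => Salt, hash => derive(Password, Salt), role => Role},
    {reply, ok, State#{users := Users#{Username => Entry}}};

handle_call({login, Username, Password}, _From,
            State = #{users := Users, sessions := Sessions}) ->
    case maps:find(Username, Users) of
        {ok, #{salt := Salt, hash := Hash, role := Role}} ->
            case ct_equal(derive(Password, Salt), Hash) of
                true ->
                    %% 256 bits of CSPRNG output; the token is the session identifier.
                    Token = base64:encode(crypto:strong_rand_bytes(32)),
                    NewSessions = Sessions#{Token => #{user => Username, role => Role}},
                    {reply, {ok, Token}, State#{sessions := NewSessions}};
                false ->
                    {reply, {error, invalid_credentials}, State}
            end;
        error ->
            %% Run the KDF anyway so unknown users are not distinguishable by timing.
            _ = derive(Password, <<0:(?SALT_BYTES * 8)>>),
            {reply, {error, invalid_credentials}, State}
    end;

handle_call({logout, Token}, _From, State = #{sessions := Sessions}) ->
    {reply, ok, State#{sessions := maps:remove(Token, Sessions)}};

handle_call({authorize, Token, Action}, _From, State = #{sessions := Sessions}) ->
    Reply = case maps:find(Token, Sessions) of
                {ok, #{role := Role}} ->
                    case lists:member(Role, maps:get(Action, ?PERMISSIONS, [])) of
                        true  -> ok;
                        false -> {error, forbidden}
                    end;
                error ->
                    {error, unauthenticated}
            end,
    {reply, Reply, State}.

handle_cast(_Msg, State) ->
    {noreply, State}.

%% Password -> fixed-length key; requires OTP 24.2+ (assumption noted in the lead-in).
derive(Password, Salt) ->
    crypto:pbkdf2_hmac(sha256, Password, Salt, ?ITERATIONS, ?KEY_BYTES).

%% Constant-time comparison of two equal-length binaries (no early exit on mismatch).
ct_equal(A, B) when byte_size(A) =:= byte_size(B) ->
    Pairs = lists:zip(binary_to_list(A), binary_to_list(B)),
    0 =:= lists:foldl(fun({X, Y}, Acc) -> Acc bor (X bxor Y) end, 0, Pairs);
ct_equal(_, _) ->
    false.

%% Walk through the flow with a constructed user; every match below should succeed.
demo() ->
    {ok, _Pid} = start_link(),
    ok = add_user(<<"alice">>, <<"correct horse battery">>, analyst),
    {ok, Token} = login(<<"alice">>, <<"correct horse battery">>),
    {error, invalid_credentials} = login(<<"alice">>, <<"wrong">>),
    {error, invalid_credentials} = login(<<"nobody">>, <<"wrong">>),
    ok = authorize(Token, read_reports),
    {error, forbidden} = authorize(Token, delete_reports),
    {error, unauthenticated} = authorize(<<"made-up-token">>, read_reports),
    ok = logout(Token),
    {error, unauthenticated} = authorize(Token, read_reports),
    ok.
```

Compile with `erlc auth_server.erl` and run `auth_server:demo().` from an `erl` shell. The sessions map lives only in this process's state, so tokens vanish when the server restarts; a production service would add expiry and persist sessions, but the shape of the two questions, "who are you?" answered by `login/2` and "what may you do?" answered by `authorize/2`, stays the same.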