Software Engineering Stories

Sooner or later, it is almost inevitable that a software engineer comes across the challenge of creating a user registry to store users, user attributes, user credentials and authentication / authorization activities. It is a very common need since most applications, especially  Web and mobile  ones,  require such functionality, however there are quite a few pi tfalls in building a secure registry that will resist external and internal attacks. And it will attract attackers since it is one of the most critical component  of an application / platform  were sensitive data are stored. Nowadays, there are offerings by cloud providers to create your user registry on their platforms or use OAuth to accept users from other applications, instead of storing their credentials in your premises. Also, there are of course, COTS solutions to run on-premises. Such solutions are definitely a valid way to avoid a significant number of concerns that you have when you build a...