Cybersecurity

April 2, 2024

Cybersecurity in AllDay

Considering the importance of the information that AllDay needs in order to fulfill its goal, the website’s database requires a number of layers of protection, resulting in the exploration and development of the cybersecurity field.

First of all, as any service that uses user authentication, it is imperative that the means in which the data transferred and stored are safe. To provide safe navigation from the session to the database the code uses JWT (JSON Web Token), which assures the database that the connection is safe, acting as a session token and a way of mapping every request. Storing passwords directly into the database can be a big security risk, which is why the back-end uses encryption before storing, so even if someone can access the information in the database, they can not exploit it. Because any risks have to be eliminated, the IP addresses are stored in the same way.

Second of all, a more complex and scientifically intriguing manner of using cybersecurity at its fullest is the way in which the algorithm acquires users’ IPs. Because of high-risk security reasons, websites can not get information about the device that is using them, so other ways had to be found to communicate with the user. For example, making a low-level session between the server and the device (by hosting a page from the website locally) can get the information needed. Of course, before taking any form of action, the users will be notified. 

This shows the paths that should be followed in order to ensure the cybersecurity of this website (with tokens and encryptions), as well as some ways of displaying the capabilities of this field, by developing unique methods of communication.