If your inbox looks anything like mine, it’s currently full of messages from companies updating their privacy policies and terms of service. This is mainly due to a newly adopted EU regulation, the General Data Protection Regulation or GDPR, which goes into effect on May 25, 2018. The GDPR grants a set of “digital rights” to EU citizens, including a “right to erasure.” Basically, this means a user can request that their data be deleted, and there can be substantial fines if a company is not able to honor these requests.
In this post, we’ll show how to set up webhooks in Passport to delete all of a user’s data when they delete their account. In Passport, webhooks are used to subscribe or listen to events in the system, so we’ll create a webhook that listens to the
If you follow us on Twitter (if you don’t, you can fix that now) you’ll notice that we post about data security breaches hitting the internet community. We don’t do it to be malicious or gloat about their failures, but to increase awareness beyond the core community of security professionals. Keeping computer systems secure is a complex challenge, and few people are well-versed in its many facets and subtleties. We deal with security every day with our customer identity and access management platform Passport, so we encourage as much discussion as possible to hear about current trends and risks. We hear all the time, “We just need to lock it down,” or even worse, “See? You can’t stop cyber breaches.” Fortunately, neither of these is true.
Storing user data in Passport is not difficult, and it lets you save data essential to a user’s experience. This article will walk you through the basic steps of storing and retrieving user data in Passport.
To get started, clone or download the Passport example template from GitHub. If you want to follow along with this how-to, you’ll need to have node and npm installed on your machine. (It should work with older versions, but we used node v8.9.4 and npm 5.6.0, which are the current stable releases at the time of writing.)
Software security is a big deal (167 million LinkedIn user account details are currently for sale on the dark web). Most applications fail to secure user data sufficiently, leaving them vulnerable to attacks resulting in dire consequences.
To combat this issue, we are excited to announce the release of our complete 2016 Guide to User Data Security. The guide compiles everything our development team knows about server and application security and delivers step-by-step code to help you secure your user data. It covers key concepts such as server architecture, firewalling, intrusion detection, password security, two-factor authentication, social hacks, SQL injections and more.