Abstract

In almost every organization that holds sensitive user data, the security and privacy of that data play a vital role. Because storing this information in the database is an overhead, tokens are generated that handle sessions and are themselves self-contained, carrying the user details. One widely used stateless token of this kind is the JSON Web Token. This paper presents research on implementing an authentication and authorization technique using JSON Web Tokens, which makes the web service role based. In the project undertaken, the JSON Web Token is generated in a more secure way by choosing the secret key for the token wisely. Usually the key for the token was a mere string, or a set of keys stored in a key ring in the database and used alternately for users when creating the token. In another trial model a captcha was used; in short, a random number was generated and used as the secret key for token generation, but the main issue was the increased storage. This project therefore tries to reduce storage while generating a less predictable secret key.

Highlights

  • A major drawback is that, for a user who has already visited our website, his details are not stored, so each time authentication must be done the database has to be accessed; this database hit is a major overhead. To avoid this overhead a different set of tokens is developed which itself stores all the user information required for authentication and authorization.

  • The JSON Web Token used in this project considers all the security issues and tries to reduce the attacks made on JSON Web Tokens.

  • The vital part is the secret key of the token.


Summary

INTRODUCTION

Technology has evolved immensely. As the world becomes more and more digitally active, there is a great need for the Internet. A major drawback is that, for a user who has already visited our website, his details are not stored, so each time authentication must be done the database has to be accessed; this database hit is a major overhead. To avoid this overhead a different set of tokens is developed which itself stores all the user information required for authentication and authorization. This means they are self-contained tokens, and there is no need to go to the database and fetch customer data just to authenticate and authorize. Instead, the self-contained token, carrying information such as the username, password, and the expiry date or time of the token, should be attached to each request raised by the user, so that authorization, which is done on every click of the user, can be made easy and the database access
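The self-contained token the introduction describes, as an added example that is not the paper's own code: an HS256 JWT is built with a secret taken from a server-side key ring (selected by the `kid` header) and then verified from the token contents plus the key ring alone, with no database lookup. The key ring values and the claims are constructed for the example, and the verifier pins the algorithm so the token's own header cannot choose how it is checked.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed key ring (kid -> secret), standing in for the "set of keys stored in a
# key ring" the paper mentions; the values are made up for this example.
KEY_RING = {"k1": b"constructed-secret-one-do-not-reuse",
            "k2": b"constructed-secret-two-do-not-reuse"}

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def create_jwt(claims: dict, kid: str) -> str:
    """Self-contained HS256 token: b64url(header).b64url(claims).b64url(signature)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    compact = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(claims)
    sig = hmac.new(KEY_RING[kid], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_jwt(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if signature, algorithm and expiry check out, else None.
    No database access: the token plus the server-side key ring is enough."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
        signature = b64url_decode(s_b64)
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None
    # Pin the algorithm and the key: the token's own header must never choose
    # the verifier (e.g. "none") or a key outside the ring.
    if (not isinstance(header, dict) or header.get("alg") != "HS256"
            or header.get("kid") not in KEY_RING):
        return None
    expected = hmac.new(KEY_RING[header["kid"]], f"{h_b64}.{p_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        return None
    claims = json.loads(b64url_decode(p_b64))
    current = time.time() if now is None else now
    if not isinstance(claims, dict) or claims.get("exp", 0) <= current:
        return None
    return claims
```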

  • AUTHORIZATION BEARER
  • PAYLOAD
  • CRYPTOGRAPHY ALGORITHMS USED BY JWT
  • WORKING OF JWT
  • JWT WORK-FLOW
  • ATTACKING JWT
  • COMPARISON AND ANALYSIS
  • JWT PENETRATION TESTING, TEST 1: JWT SECRET CRACKER
  • CONCLUSION AND FUTURE WORK