In our previous tutorial we statically coded a set of user credentials in our API but this will not suffice for a real-world application. In a true back-end application we would be required to make use of a data source with which to retrieve and verify credentials and profile information.
Storing sensitive information on disk in mechanisms such as databases present challenges as to the security of the information. Whilst there are many information security mechanisms available at a price our basic API will make use of password hashing to protect at least the user’s password.
In addition to a significantly improved password hashing mechanism we also extend the API by making use of an adapter-based ORM. In our implementation we will make use of Waterline which is an excellent API providing adapter-based access to various data sources. This is greatly beneficial as it means the same routines and procedural code in our application will provide us with access to data sources such as MySQL, Postgres, Oracle and other engines purely by making use of the adapters.
Up Next: Implementing the Model