From the course: Ten Security Tips for Developers

Authenticate every interaction

- [Instructor] Authentication is a big enough subject that we have several courses on the topic. So rather than going into specifics, I'm going to focus on some general best practices, or rather one general best practice that will dramatically increase the security of anything you're developing. Authenticate every interaction. That sounds a bit extreme, doesn't it? Well, not if you stop and think about it. Consider your regular modern web app as an example. Running with an SSL certificate over HTTPS, there's already a base level of authentication built in. The browser creates an authenticated session with the server, and all transactions are encrypted between the two. So even if someone just visits an application through a web browser or standalone app, they are, in a general and non-specific way, being authenticated. This base level of authentication ensures nobody can inject themselves into the conversation between the…
