I'm a noob at backends, can someone help me make and configure a backend for secure logins and user posts? (I'm not talking about making a forum; that, I understand, would be easier with prepackaged software.)
Google logins? HTTPS is done, what else for security? How databases work??
Also my site has somewhat limited performance and storage so I need to keep it light.
No bells and whistles.
Yet.
Minimal security would probably require:
- Passwords to be hashed.
- Use un-guessable tokens (this is VERY important - if someone can guess the token they can log in as that user) to keep track of the user's session.
- Prevent Cookies from being accessed through JS.
- Always HTTPS.
- SQL injection and XSS injection attacks need to be taken into account.
- Some sort of brute force prevention - To avoid having to implement it at the application level, you can always use fail2ban (I don't know if there's anything else out there).
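The hashing, session-token, cookie and SQL-injection items in the list above, sketched with only the Python standard library; this is an added example, not code from any poster in the thread. The table layout, function names and scrypt cost values are assumptions, and XSS escaping and brute-force limiting are left out.

```python
import hashlib
import hmac
import secrets
import sqlite3
from http.cookies import SimpleCookie

db = sqlite3.connect(":memory:")  # constructed in-memory database for the demo
db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
db.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, name TEXT)")

def _kdf(password, salt):
    # scrypt is a deliberately slow, memory-hard password hash (cost values assumed)
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def register(name, password):
    salt = secrets.token_bytes(16)  # unique random salt per user
    # "?" placeholders keep user input out of the SQL text (no injection)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, _kdf(password, salt)))

def login(name, password):
    """Return a Set-Cookie header value on success, None on failure."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    # constant-time comparison of the stored and recomputed hashes
    if not hmac.compare_digest(stored, _kdf(password, salt)):
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: not guessable
    db.execute("INSERT INTO sessions VALUES (?, ?)", (token, name))
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["httponly"] = True   # hidden from document.cookie / JS
    cookie["session"]["secure"] = True     # only ever sent over HTTPS
    cookie["session"]["samesite"] = "Lax"  # not sent on cross-site POSTs
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

def user_for(cookie_header):
    """Map a request's Cookie header back to a user name, or None."""
    jar = SimpleCookie(cookie_header)
    if "session" not in jar:
        return None
    row = db.execute("SELECT name FROM sessions WHERE token = ?",
                     (jar["session"].value,)).fetchone()
    return row[0] if row else None
```

The value returned by `login` goes into the response's `Set-Cookie` header; `user_for` takes the `Cookie` header of later requests.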
@aghost7 is correct, but it sounds like you want something as easy as possible. Using Google logins or similar will leave the authentication, password storage, etc. to someone else. They would have documentation to explain the process of setting it all up. Security is your top consideration; owasp.org is a great resource for the sorts of things you need to consider.
Sounds like you're asking how you create a backend of a website. Why do you want people to be able to log in?
What goals do you have for the site?
Throw us a bone here. What are you doing? Do you have ANY idea what your stack is going to look like? What are your end goals for this project? What sort of programming experience do you have?
There are countless databases, web frameworks, server stacks, authentication methods, programming languages, libraries and hashing algorithms and middlewares and everything else you can imagine.
What things do you already have in place?
You should give Auth0 or Stormpath a try (I'd recommend Auth0 to start.)
Auth0 in particular is free for the first 7000 users, which is more than any hobby project suite will need, and also supports 3rd party logins through services such as Google and GitHub.
A performant and secure authentication provider is not an easy task, especially for a beginner. You'd just be putting whatever you're securing at risk.