Alec Aivazis edited Since_we_need_a_way__.html
over 8 years ago
Commit id: 4a4b93bfac45882571140168048697cf12f0d7c0
diff --git a/Since_we_need_a_way__.html b/Since_we_need_a_way__.html
index 3c2b84a..ca110d6 100644
--- a/Since_we_need_a_way__.html
+++ b/Since_we_need_a_way__.html
...
Since we need a way of performing authentication logic on the client, special care needs to be made to protect our application from a malicious user interacting with the developer console present in all modern browsers. One possible security vulnerability is the escalation of a globally stored user user role. This would cause the hacker to view a part of the website that he was forbidden
to. Also, I just want to make it clear: even if a perfect solution is found for this vulnerability, server endpoints still need to verify the request. The client can never be trusted and performing crypto on the browser is a bad idea.
to.
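Review bot: of the two closing lines in this hunk, the one that ends at "forbidden to." drops the only statement that server endpoints still need to verify the request, and that caveat should stay in whichever version is kept. The paragraph describes a role stored globally on the client that a user can change from the developer console, so without the server-side sentence a reader could take the client-side check for the access control itself. The rendered page does not mark which line is the addition, so please confirm the sentence survives. The remark that "performing crypto on the browser is a bad idea" is given without a reason; one clause saying why would make it usable. While this paragraph is being touched, the first line has a doubled word in "user user role", and "care needs to be made" should read "care needs to be taken".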