this is for holding javascript data
Alec Aivazis edited untitled.html
over 8 years ago
Commit id: 840b36ece77f2dd012fb5d5de1f3dc81d175e593
diff --git a/untitled.html b/untitled.html
index f131c92..d231de7 100644
--- a/untitled.html
+++ b/untitled.html
...
In a single page app, all of the decisions about what view/subview to render occurs on the client and does not require a trip back to the server.
This means that the client has to be able to authenticate the currently logged in user and access its data without going back to the server
We have to store information concerning the logged in user in such a way that we can trust it.
target="_blank" href="http://">JWTs are good because they allow for the client to be responsible for keeping track of the permissions of the currently logged in user.
However JWTs require a secret key to be decrypted which means it can't happen on the frontend with the same key that the server uses, say for its target="_blank" href="http://">csrf protection.
brute-forcible.
Because of this it's clear that we need to have unencrypted way of viewing the local authentication data for use by the application logic
Special care needs to be made to prevent someone interacting with the developers console to be able to change the local authentication data in order to gain access to restricted parts of the code by elevating their permissions
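Review bot: the claim that JWTs "require a secret key to be decrypted" (the line beginning "However JWTs require") conflates signing with encryption. A standard signed JWT (HMAC or RSA signature) is base64url-encoded, not encrypted, so the client can read the header and payload without any key; the secret is needed only to produce or verify the signature, which is exactly why it must never be shipped to the frontend. Suggest rewording to: "JWTs are signed, not encrypted: the client can read the claims but cannot verify or forge the signature without the server's secret." That also answers the following sentence, since the "unencrypted way of viewing the local authentication data" already exists in the token payload itself. Two smaller points in the same region: the anchor markup around "JWTs" and "csrf protection" is broken (no opening `<a`, and `href="http://"` points nowhere), and the fragment "brute-forcible." has no sentence attached to it. Finally, the last line should state the mitigation rather than only the concern: any permission data held on the client is untrusted and may only decide which views to render; every request for restricted data must be re-authorized on the server from the signed token, so editing the local copy in the developer console changes the UI but grants no access.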