Alec Aivazis added This_is_a_different_type__.html
over 8 years ago
Commit id: 8d54a00e03cd5e27cf6b2b659458085034660d4f
diff --git a/This_is_a_different_type__.html b/This_is_a_different_type__.html
new file mode 100644
index 0000000..b26ad13
--- /dev/null
+++ b/This_is_a_different_type__.html
...
This is a different type of network vulnerability than the traditional three (
xss,
csrf, and
man in the middle) that arises due to the nature of SPAs. Previous paradigms did not have this problem because they could authenticate every request using traiditional methods and prevent the user from going somewhere they shouldn't. Even if one were to have a solution for this (in light of the malicious browser), we would still still authenticate backend endpoints to prevent data from leaking. So is this extra step absolutely necessary? No. But it keeps the request times very low and adds an additional level of security which is never a bad thing.
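Review bot: The closing sentences ("So is this extra step absolutely necessary? No. But it ... adds an additional level of security") blur the point made just before them, that backend endpoints must still be authenticated "in light of the malicious browser". Consider saying outright that the backend authentication is the control that prevents data from leaking and that the client-side step is an optimization on top of it, since a check running in a browser the attacker controls cannot be relied on. The paragraph also opens with "This is a different type of network vulnerability" without ever naming the vulnerability, and the claim that the step "keeps the request times very low" is given no explanation; a sentence for each would help a reader who lands on this file alone. Typos in the last line: "traiditional" should read "traditional" and "still still" should read "still"; "xss" and "csrf" are normally written "XSS" and "CSRF".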