this is for holding javascript data
Alec Aivazis edited untitled.html
over 8 years ago
Commit id: ab5a4cd392d88f22dd5c5aca22b04aba0ced8871
deletions | additions
diff --git a/untitled.html b/untitled.html
index dae5796..0558a2c 100644
--- a/untitled.html
+++ b/untitled.html
...
In a single page app, all of the decisions about what view/subview to render occurs on the client. This means that ideally the client would be able to authenticate the currently logged in user on transitions to sensitive pages and access its data without going back to the server. This blog post summarizes my attempts at adding an additional layer of security to my locally stored authentication information. Also, I just want to make it clear: server endpoints still need to verify the request. The client can never never be trusted.
trusted and performing crypto on the browser is a bad idea.