I think part of the idea here was to limit the requests to the server. Although this app
was created when the libs were in flux. It is probably more correct in terms of security
to "phone home", that is, until we have some sort of encryption client side, maybe.

On Feb 26, 2013, at 7:54 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:

Hi guys, I'm revisiting our TODO app and I would like to know if
it's possible to remove the roles and loggedIn attributes from app.js. Why? Currently the
access control trusts local storage
(https://github.com/danbev/TODO/blob/master/client/src/main/webapp/js/app....) and not
the HTTP status responses from the server (correct me if I'm saying something wrong
here), and nowadays "loggedIn" should be considered useless, because we will
trust HTTP sessions.
Am I wrong? Controlling it on the client side is easy to bypass.
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
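
The point raised in this thread, as an added example that is not part of the original messages or the TODO app's code: a decision read from client-side storage is compared with one driven by the server's HTTP status. The names `fakeServer`, `SESSIONS`, the `/tasks` route and the role names are hypothetical, and the in-memory server is a constructed stand-in so the snippet runs offline.

```javascript
// Constructed stand-in for the server: session lookup and the role check
// happen here, never in the browser. All names are hypothetical.
const SESSIONS = {
  "sid-alice": { user: "alice", roles: ["admin"] },
  "sid-bob": { user: "bob", roles: ["simple"] },
};

function fakeServer(method, path, sessionId) {
  const session = SESSIONS[sessionId];
  if (!session) return { status: 401 }; // no valid HTTP session
  if (method === "DELETE" && !session.roles.includes("admin")) {
    return { status: 403 }; // authenticated but not allowed
  }
  return { status: method === "DELETE" ? 204 : 200 };
}

// Pattern questioned in the thread: the answer comes from values the user
// can edit in the browser, so it says nothing about the real session.
function canDeleteFromStorage(storage) {
  const roles = (storage.roles || "").split(",");
  return storage.loggedIn === "true" && roles.includes("admin");
}

// Pattern proposed in the thread: always ask the server and let the HTTP
// status drive what the UI shows next.
function deleteTask(transport, sessionId, id) {
  const res = transport("DELETE", "/tasks/" + id, sessionId);
  switch (res.status) {
    case 204: return "deleted";
    case 401: return "show-login";
    case 403: return "show-forbidden";
    default: return "error";
  }
}

// Constructed sample: storage edited by hand while the real session is bob's.
const editedStorage = { loggedIn: "true", roles: "admin" };
console.log(canDeleteFromStorage(editedStorage));    // client-side check passes
console.log(deleteTask(fakeServer, "sid-bob", 1));   // server still refuses
```

The client-side flags can still be used to decide which buttons to render, but only the status returned by the server determines whether an action actually happened.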