Hi guys, I'm revisiting our TODO app and I would like to know if it's possible to
remove the roles and loggedIn attributes from app.js. Why? Currently the access control
trusts local storage
(https://github.com/danbev/TODO/blob/master/client/src/main/webapp/js/app....) and not
the HTTP status responses from the server (correct me if I'm saying something wrong
here), and nowadays "loggedIn" should be considered useless, because we will
trust HTTP sessions.
Am I wrong? Controlling it on the client side is easy to bypass.
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
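
The contrast raised in the message above, as an added example that is not part of the original message or of the TODO code base: a gate that trusts "loggedIn"/"roles" flags in local storage next to one that only reacts to the server's HTTP status. The storage keys, role names, session id and the in-memory storage and server stand-ins are all assumptions constructed for the illustration.

```javascript
// Client-trusting gate: decides from flags kept in storage (stand-in for
// window.localStorage). The user controls these values, so this is UI state only.
function canViewFromStorage(storage, requiredRole) {
  const roles = JSON.parse(storage.getItem('roles') || '[]');
  return storage.getItem('loggedIn') === 'true' && roles.includes(requiredRole);
}

// Server-trusting gate: the client holds no auth state and maps the HTTP
// status of each response to the view it should show.
function nextViewFromStatus(status) {
  if (status === 401) return 'login';      // no valid HTTP session
  if (status === 403) return 'forbidden';  // session is valid, role is missing
  if (status >= 200 && status < 300) return 'content';
  return 'error';
}

// Minimal in-memory stand-in for localStorage (constructed for this example).
function makeStorage(initial) {
  const data = new Map(Object.entries(initial));
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}

// Constructed server-side check: the session table lives on the server,
// so nothing the browser stores can change the outcome.
function makeServer(sessions) {
  const table = new Map(Object.entries(sessions));
  return (sessionId, requiredRole) => {
    const session = table.get(sessionId);
    if (!session) return 401;
    return session.roles.includes(requiredRole) ? 200 : 403;
  };
}

function demo() {
  const storage = makeStorage({});
  // Values a user could set by hand in the browser's developer tools.
  storage.setItem('loggedIn', 'true');
  storage.setItem('roles', JSON.stringify(['admin']));
  const server = makeServer({ 'sid-1': { roles: ['simple'] } });
  return {
    storageGate: canViewFromStorage(storage, 'admin'),           // true
    noSession: nextViewFromStatus(server(undefined, 'admin')),   // 'login'
    wrongRole: nextViewFromStatus(server('sid-1', 'admin')),     // 'forbidden'
    allowed: nextViewFromStatus(server('sid-1', 'simple')),      // 'content'
  };
}
```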