[aerogear-dev] Revisiting the TODO app

Bruno Oliveira bruno at abstractj.org
Tue Feb 26 19:54:00 EST 2013


Hi guys, I'm revisiting our TODO app and I would like to know if it's possible to remove the roles and loggedIn attributes from app.js. Why? Currently the access control relies on local storage (https://github.com/danbev/TODO/blob/master/client/src/main/webapp/js/app.js#L255) and not on the HTTP status responses from the server (correct me if I'm saying something wrong here), and nowadays "loggedIn" should be considered useless, because we will rely on HTTP sessions.

Am I wrong? Controlling it on the client side is easy to bypass.


-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
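To make the point in the mail concrete, here is a small added example (not code from the aerogear TODO app or from the author) contrasting the two patterns: a client-side guard that decides from `loggedIn` and `roles` flags kept in local storage, and a guard that sends the request and acts on the server's HTTP status. The server, the session store and the `fakeLocalStorage` map are all constructed stand-ins so the snippet runs under Node without a browser or a real backend.

```javascript
// Added example, not part of the aerogear TODO app: client-side role checks
// versus acting on the server's HTTP status.

// Constructed stand-in for window.localStorage so this runs in Node.
const fakeLocalStorage = new Map();

// Constructed server-side session store: session id -> { user, roles }.
// In the real app this would be the HTTP session held by the server.
const sessions = new Map([
  ['sess-alice', { user: 'alice', roles: ['user'] }],
  ['sess-admin', { user: 'root', roles: ['admin'] }],
]);

// Minimal constructed "server": it authorizes purely from the session it
// holds, never from anything the client claims about itself.
function serverHandle(path, sessionId) {
  const session = sessions.get(sessionId);
  if (!session) return { status: 401 };                 // no session: not logged in
  const required = path === '/admin/tasks' ? 'admin' : 'user';
  if (!session.roles.includes(required)) return { status: 403 }; // wrong role
  return { status: 200, body: `${session.user}: ${path}` };
}

// Pattern the mail argues against: the client decides from local flags.
function clientSideGuard(path) {
  if (fakeLocalStorage.get('loggedIn') !== 'true') return 'login-required';
  const roles = (fakeLocalStorage.get('roles') || '').split(',');
  if (path === '/admin/tasks' && !roles.includes('admin')) return 'denied';
  return 'render';
}

// Pattern the mail suggests: perform the request and branch on the status.
function serverSideGuard(path, sessionId) {
  const res = serverHandle(path, sessionId);
  switch (res.status) {
    case 401: return 'login-required';
    case 403: return 'denied';
    case 200: return 'render';
    default:  return 'error';
  }
}

// Demonstration: a plain user whose local flags say "admin". The client-side
// guard believes the flags; the server-side guard reflects the real session.
function demo() {
  fakeLocalStorage.set('loggedIn', 'true');
  fakeLocalStorage.set('roles', 'admin'); // values under the client's control
  return {
    clientView: clientSideGuard('/admin/tasks'),               // 'render'
    serverView: serverSideGuard('/admin/tasks', 'sess-alice'), // 'denied'
    anonymous:  serverSideGuard('/todos', 'no-such-session'),  // 'login-required'
  };
}

console.log(demo());
```

The local flags are still fine for cosmetic decisions such as which menu items to draw, but every decision that matters has to come from the server's 401/403/200 on the actual request, which is what the second guard does.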
