Reputation: 13
Can I Manage User Roles In just JavaScript?
hi everyone :) I'm currently a front-end beginner and I'm wondering if I could manage users authorities by JavaScript code alone? I want to create a simple Student Management System with Log in Features, with admin who have the full authority to manage the students data (add, delete, update)& other users can only log in and read. it that possible in the Clint-side? or it's server-side only?
Upvotes: 1
Views: 627
Answers (1)
Reputation: 7455
If your access control implementation is done only on client-side it means that it will be relatively easy for an attacker (even for beginner one) to get access to the functionality you want to hide:
- Since source code of the app is available, hacker can make changes in it and reveal all the hidden things or remove all the checks/condition you implemented.
- Moreover, if all the security logic is located in client-side JS, then your back-end is not protected, so hacker may simply make calls to your API and do whatever he needs even without using front-end at all.
In conclusion, such approach is reasonable only for demo projects or proof of concept, but not for the applications available for public.
Upvotes: 1
Related Questions
- Role based authorisation for Node js or Express js
- Rolebased logins using only Javascript
- ASP.NET Identity - Using Roles with JavaScript Functionality
- Strategies to filter UI by role in a client side app
- privilege dropping possible in Javascript?
- How can I map users to roles and execute code accordingly in javascript?
- Role Based Security in JavaScript in RIA
- Accessing user roles client side
- Determine a user's role, set via PHP, in Javascript
- Tip on building a role-based security module for rich user interfaces (Using Extensive Javascript/JQuery)?