Sunday 23 June 2019

How to ensure someone logged in can only trigger SQL queries relevant to that user?

Hey guys, I have a bit of a conceptual block here. The webapp I'm building will let users log in and add stuff to their "profile".

My question is: how do you ensure that user 123 is only able to send queries using their ID as a user ID? In theory you can't fully trust anything the user has control over: cookies, React state, etc.

While a user is logged in, is there some way to store authenticated session variables in the backend or something? That way, instead of getting the "user id" variable to use in queries from something the user can edit, it comes from a secure place that authenticated them to use that user ID.

Or am I just overthinking this?

Submitted June 23, 2019 at 05:38PM by g3t0nmyl3v3l
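The pattern the question is circling is exactly what a server-side session gives you: the browser holds only an opaque random token, the backend maps that token to a user id, and every query (reads and writes) is scoped by that server-derived id rather than by anything in the request. The following is an added example, not code from the poster or any project; it uses Python's standard `sqlite3` and `secrets` modules, a plain dict as a stand-in for a real session store, and request dicts constructed inline in place of a web framework. It shows the insecure handler that trusts a client-supplied `user_id` (an insecure direct object reference) next to handlers that take the id from the session, including a delete that silently matches nothing when the item belongs to someone else.

```python
import secrets
import sqlite3


def make_db():
    """Constructed sample data: two users, each owning one profile item."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute(
        "CREATE TABLE items (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, body TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(123, "alice"), (456, "bob")])
    conn.executemany(
        "INSERT INTO items (id, user_id, body) VALUES (?, ?, ?)",
        [(1, 123, "alice's note"), (2, 456, "bob's note")],
    )
    conn.commit()
    return conn


# Hypothetical server-side session store: a dict here, a DB table or Redis in
# production. Keys are random opaque tokens; the client never sees the user id.
SESSIONS = {}


def create_session(user_id):
    """Called only after the user's credentials were verified (verification omitted)."""
    token = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
    SESSIONS[token] = user_id
    return token  # in a real app: sent back as an HttpOnly, Secure cookie


def current_user(request):
    """Resolve the session cookie to a user id; None means not logged in."""
    token = request.get("cookies", {}).get("session")
    return SESSIONS.get(token)


def list_items_insecure(conn, request):
    """Vulnerable: trusts a user_id the client put in the request (IDOR)."""
    uid = request["params"]["user_id"]
    rows = conn.execute("SELECT body FROM items WHERE user_id = ?", (uid,))
    return [r[0] for r in rows]


def list_items(conn, request):
    """Hardened: the user id comes from the server-side session, never the request."""
    uid = current_user(request)
    if uid is None:
        raise PermissionError("not authenticated")
    rows = conn.execute("SELECT body FROM items WHERE user_id = ?", (uid,))
    return [r[0] for r in rows]


def add_item(conn, request):
    """Writes are tied to the session user as well; the client cannot choose the owner."""
    uid = current_user(request)
    if uid is None:
        raise PermissionError("not authenticated")
    cur = conn.execute(
        "INSERT INTO items (user_id, body) VALUES (?, ?)", (uid, request["form"]["body"])
    )
    conn.commit()
    return cur.lastrowid


def delete_item(conn, request):
    """Scope the DELETE by owner: an item id belonging to another user matches no row."""
    uid = current_user(request)
    if uid is None:
        raise PermissionError("not authenticated")
    cur = conn.execute(
        "DELETE FROM items WHERE id = ? AND user_id = ?",
        (request["params"]["item_id"], uid),
    )
    conn.commit()
    return cur.rowcount == 1  # False tells the caller nothing of theirs was deleted


if __name__ == "__main__":
    db = make_db()
    token = create_session(123)  # alice has just authenticated
    print(list_items(db, {"cookies": {"session": token}}))
    print(delete_item(db, {"cookies": {"session": token}, "params": {"item_id": 2}}))
```

Two things worth noting in the design: the SQL is parameterised throughout (that handles injection), but parameterisation alone does nothing for authorisation, which is why every `WHERE` clause also carries the session-derived `user_id`; and the session token itself is the one value the client holds, so it must be long and random, sent over HTTPS only, and invalidated on logout or after a timeout.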
