Comments
-
@code-god Thanks. A hacker inserted thousands of documents into my database. That freaked me out.
-
tahnik387587y @nikolatesla I would use cloud functions to verify the data before inserting into my database.
-
yusijs12507y Yes, use jwt - most frameworks have plugins for it, and (mostly) easy on the backend as well, depending on your stack.
-
Tribex677y Sure, JWTs are great, and fairly simple, but make sure you know what you're doing first, as if you don't, you can easily shoot yourself in the foot. Don't worry, the theory behind it is really easy to grasp.
-
yusijs12507y Yeah, what @Tribex said can't be stressed enough - JWTs can be faked easily, so make sure they are validated server-side. :)
-
Always validate server side. Never ever trust user input, especially not when you have some (rest) api on back end.