My question is about entering a modern interface:
In the old server-side rendering methods, I would authenticate the user login in the backend and display the entire HTML page that fits the user who is logged in.
But now with the foreground frameworks, I give the user all the possible pages when I first enter the site, and then display the correct page for him in my browser.
As far as I understand it now, to enter the user’s system in the interface structure, I need to save a variable indicating that it is authenticated (and, possibly, even its role in the case of the administrator) in localStorage, and so when I'm building the pages, I just need to ask if this variable is in localStorage, find out if the user is registered and if his role is admin, and in case both are true, I show him all the administrator’s functionality.
However, this means that if I were a hacker, all I would have to do is manually add this variable to my localStorage and then see all the administrator’s functionality.
Which brings me to my question: is there a better way to authenticate a user in today's interface? Or should I let the hacker see all the administrator’s functionality and only protect it from being used by an unauthorized user in the backend?
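An added example (not part of the original question) of the backend-enforced option the question ends with: the localStorage value only decides what the UI draws, while the admin API decides from a token the server signed at login. `issueToken`, `verifyToken`, `adminReport`, `clientFlags` and the request shape are hypothetical names, and the HMAC token stands in for whatever session mechanism the backend actually uses.

```javascript
const crypto = require('crypto');

// Server-only key (constructed here; in practice loaded from secret storage).
const SECRET = crypto.randomBytes(32);

const sign = (payload) =>
  crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');

// Backend issues this after a successful login; role comes from the user store.
function issueToken(user, role) {
  const claims = { user, role, exp: Date.now() + 15 * 60 * 1000 };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Returns verified claims, or null when the token is missing, altered or expired.
function verifyToken(token) {
  if (typeof token !== 'string') return null;
  const [payload, mac] = token.split('.');
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    return claims.exp > Date.now() ? claims : null;
  } catch {
    return null;
  }
}

// Admin-only API handler. request.clientFlags models whatever the browser
// read from localStorage and sent along; it is never consulted.
function adminReport(request) {
  const claims = verifyToken(request.token);
  if (!claims) return { status: 401 };
  if (claims.role !== 'admin') return { status: 403 };
  return { status: 200, body: 'admin-only data' };
}

// Constructed requests: a normal user whose browser has a forged admin flag,
// and a real admin.
const forged = { token: issueToken('bob', 'user'), clientFlags: { role: 'admin' } };
const genuine = { token: issueToken('alice', 'admin'), clientFlags: {} };
console.log(adminReport(forged).status, adminReport(genuine).status);
```

The admin pages can still ship to every browser; what they display has to come from endpoints that make this check.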