by fendy3002
1708 days ago
OTOH, the rise of AJAX-based calls IMO has become the main culprit for broken access or unsafe information leaks. With SSR, we only need to limit the rendered information and we're fine. Now we need to limit the JSON (or XML if SOAP) response. If we need a condition based on protected data, we need to have an additional, derived (computed) property for it, and there isn't a standard way to do it; then make the view conditional on that derived value. That process is too alluring to be skipped, and many choose to just breach the security and deal with it later, unless you have different teams managing front and back.
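The pattern the comment describes, as an added example that is not part of the original post or written by its author: a leaky serializer that ships the whole model to the client beside a shaped one that whitelists public fields and adds a server-computed `can_edit` flag, so the view can branch on it without the protected fields (`owner_id`, `allowed_editor_ids`, `internal_note`) ever leaving the server. The document record, field names and user ids are constructed for the example; the same `can_edit` check is reused by the write path, because the derived flag only shapes the view and is not itself the authorization decision.

```python
import json

# Constructed sample record (not from the comment). The last three fields are
# protected: they drive authorization or are internal, and must not reach callers.
DOCUMENT = {
    "id": 42,
    "title": "Q3 roadmap",
    "body": "Draft of the roadmap text.",
    "owner_id": 7,
    "allowed_editor_ids": [7, 12],
    "internal_note": "legal hold pending",
}

PROTECTED_FIELDS = ("owner_id", "allowed_editor_ids", "internal_note")
PUBLIC_FIELDS = ("id", "title", "body")


def can_edit(doc, requester_id):
    """Single authorization rule, evaluated server-side. Used both to derive the
    view flag and to guard the actual edit endpoint."""
    return requester_id == doc["owner_id"] or requester_id in doc["allowed_editor_ids"]


def leaky_payload(doc):
    """Anti-pattern: serialize the whole model and let the front end decide what
    to show. The client can render only some of it, but every field is on the wire."""
    return dict(doc)


def shaped_payload(doc, requester_id):
    """Whitelist the public fields and add a derived, computed property so the
    view can condition on it without seeing the underlying protected data."""
    payload = {key: doc[key] for key in PUBLIC_FIELDS}
    payload["can_edit"] = can_edit(doc, requester_id)
    return payload


def leaked_fields(payload):
    """Defensive check usable in a response test or middleware: which protected
    keys would be serialized to the client for this payload."""
    return sorted(key for key in PROTECTED_FIELDS if key in payload)


def handle_edit(doc, requester_id, new_body):
    """The write path re-runs the authorization check; a client that flips
    can_edit in its own copy of the JSON gains nothing."""
    if not can_edit(doc, requester_id):
        return {"status": 403, "error": "forbidden"}
    doc["body"] = new_body
    return {"status": 200, "id": doc["id"]}


if __name__ == "__main__":
    print("leaky  :", json.dumps(leaky_payload(DOCUMENT)))
    print("leaks  :", leaked_fields(leaky_payload(DOCUMENT)))
    print("shaped :", json.dumps(shaped_payload(DOCUMENT, requester_id=12)))
    print("leaks  :", leaked_fields(shaped_payload(DOCUMENT, requester_id=12)))
    print("edit as 99:", handle_edit(dict(DOCUMENT), 99, "tampered"))
```

`leaked_fields` is the kind of check worth keeping in the API test suite: run it over every response serializer so that a new protected column added to the model is caught when someone falls back to dumping the whole object.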