by mooreds
1256 days ago
Gotcha. There are still security concerns with the UI, but I agree, offloading the heavy lifting of password hashing, preventing enumeration attacks, and algorithm selection to a dedicated system makes sense. Authorization is a whole other ball of wax. You can sometimes get by with RBAC, but it is far more often entangled with business logic. I've seen a set of new companies that offer outsourced authorization like permit.io and cerbos, and for an app of a certain complexity, think they are worth evaluating.