Crash, 2018-06-07 18:20:46
Backend

How to secure a project with a completely separate front-end and back-end?

I am working on a project in which the front and back parts are completely separated, located on different servers and communicate with each other exclusively through the API. The frontend is written in React by another developer.
I am responsible for the back end; I had no experience of working with such a scheme before.
Accordingly, I am concerned about security issues, since this is my area of responsibility.
In particular - how to make authentication secure?
So far I have done this: for example, when logging into a personal account, a token is generated on the server and stored in the database, then given to the front end, which saves it in cookies or local storage. With each GET or POST request this token is transmitted to the back end and compared with what is saved in the database; if it is found, further actions are allowed. The token is associated with a user ID and has a limited lifetime.
How safe is it and how to protect yourself from request forgery in general?
What other security issues need to be addressed?
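The token scheme described in the question, written out as an added example (this is not the asker's code). It assumes an in-memory dict standing in for the database table and uses only the standard library; the names TokenStore, issue, authenticate, revoke, extract_bearer and is_trusted_origin are ours. It shows the three things a reviewer would want to see beyond "compare with what is in the database": the token comes from a CSPRNG, only its hash is persisted (so a database leak does not hand out live sessions), and expiry and logout are enforced on every lookup. The last two helpers address the forgery question: a token sent in an Authorization header is never attached automatically by the browser, and if it is kept in a cookie instead, state-changing requests should additionally pass an Origin check.

```python
"""Opaque bearer-token sessions with hashed storage, TTL and revocation.

Added example; the dict below stands in for the backend's token table.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Mapping, Optional

TOKEN_TTL_SECONDS = 3600  # the "limited lifetime" from the question (assumed value)


@dataclass
class TokenRecord:
    user_id: int
    token_hash: bytes    # SHA-256 of the token; the raw token is never stored
    expires_at: float    # absolute time, seconds since the epoch


class TokenStore:
    """Stands in for the 'tokens' table; clock is injectable for testing."""

    def __init__(self, ttl: int = TOKEN_TTL_SECONDS,
                 clock: Callable[[], float] = time.time) -> None:
        self._by_hash: Dict[bytes, TokenRecord] = {}
        self._ttl = ttl
        self._clock = clock

    @staticmethod
    def _hash(token: str) -> bytes:
        return hashlib.sha256(token.encode("utf-8")).digest()

    def issue(self, user_id: int) -> str:
        """Create a session token for user_id and return it to hand to the client."""
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        rec = TokenRecord(user_id, self._hash(token), self._clock() + self._ttl)
        self._by_hash[rec.token_hash] = rec
        return token

    def authenticate(self, token: Optional[str]) -> Optional[int]:
        """Return the user_id behind a valid, unexpired token, else None."""
        if not token:
            return None
        # Lookup is by digest, so a timing difference on the comparison reveals
        # at most digest bytes, never the token itself.
        rec = self._by_hash.get(self._hash(token))
        if rec is None:
            return None
        if self._clock() >= rec.expires_at:
            del self._by_hash[rec.token_hash]      # expired: drop it
            return None
        return rec.user_id

    def revoke(self, token: str) -> None:
        """Logout: the token stops working immediately, before its TTL ends."""
        self._by_hash.pop(self._hash(token), None)


def extract_bearer(headers: Mapping[str, str]) -> Optional[str]:
    """Read the token from 'Authorization: Bearer <token>'.

    A header set by front-end JavaScript is not attached automatically by the
    browser, so a forged cross-site request cannot carry it.
    """
    value = headers.get("Authorization", "")
    scheme, _, token = value.partition(" ")
    if scheme != "Bearer" or not token.strip():
        return None
    return token.strip()


def is_trusted_origin(headers: Mapping[str, str], allowed: Iterable[str]) -> bool:
    """For cookie-stored tokens: accept state-changing requests only when the
    browser-supplied Origin header names our own front-end deployment."""
    origin = headers.get("Origin")
    return origin is not None and origin in set(allowed)


if __name__ == "__main__":
    store = TokenStore(ttl=60)
    tok = store.issue(user_id=42)
    print(store.authenticate(extract_bearer({"Authorization": f"Bearer {tok}"})))
    store.revoke(tok)
    print(store.authenticate(tok))
```

Storing the hash rather than the token means a dump of the table cannot be replayed, and checking expiry at lookup time means the TTL holds even if no background cleanup job ever runs. If the front end keeps the token in a cookie, it should also be set with HttpOnly and SameSite so that scripts and cross-site navigations cannot read or send it.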

2 answers
Alexander Aksentiev, 2018-06-07
@Bandicoot

What other security issues need to be addressed?

Exactly the same as with a monolithic application.
Write normal code without holes in the form of SQL injections and all that.
It doesn't matter if it's fake or not.
Requests look the same whether they are sent from the site or, for example, by some "intruder" script.
If you need protection, then do an authorization check and a limit on the number of requests.
You won't do anything else.
In general, the separation does not turn the entire site upside down; it is still the same site with the standard "threats" and protection against them.
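The two controls this answer recommends, an authorization check and a limit on the number of requests, as an added example (not the answerer's code). It assumes the request has already been resolved to a user id by whatever token check the backend uses; the names RateLimiter, authorize_access and handle are ours, and the limit of a few requests per window is a constructed value.

```python
"""Per-client request limit plus an object-level authorization check.

Added example. The limiter is a sliding-window counter keyed by client
(IP address or user id); the clock is injectable so the window can be tested.
"""
import time
from collections import deque
from typing import Callable, Deque, Dict, Hashable, Optional


class RateLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""

    def __init__(self, limit: int, window: float,
                 clock: Callable[[], float] = time.time) -> None:
        self._limit = limit
        self._window = window
        self._clock = clock
        self._hits: Dict[Hashable, Deque[float]] = {}

    def allow(self, key: Hashable) -> bool:
        now = self._clock()
        hits = self._hits.setdefault(key, deque())
        # Drop timestamps that have slid out of the window.
        while hits and hits[0] <= now - self._window:
            hits.popleft()
        if len(hits) >= self._limit:
            return False
        hits.append(now)
        return True


def authorize_access(requesting_user: Optional[int], resource_owner: int) -> bool:
    """Object-level check: a valid token proves *who* is asking, not that they
    may touch this record. Here a user may only access their own resources."""
    return requesting_user is not None and requesting_user == resource_owner


def handle(limiter: RateLimiter, client_key: Hashable,
           requesting_user: Optional[int], resource_owner: int) -> int:
    """Decide a request and return an HTTP status code.

    The limit is applied first so that unauthenticated floods are bounded
    before any database work happens.
    """
    if not limiter.allow(client_key):
        return 429                      # Too Many Requests
    if requesting_user is None:
        return 401                      # no valid token
    if not authorize_access(requesting_user, resource_owner):
        return 403                      # valid token, wrong user
    return 200


if __name__ == "__main__":
    limiter = RateLimiter(limit=3, window=60)
    for _ in range(4):
        print(handle(limiter, "203.0.113.5", requesting_user=7, resource_owner=7))
```

The fourth call in the demo returns 429 because the limit for that client key is exhausted; keying on the authenticated user id as well as the address stops one user from consuming the whole budget of a shared address.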

marataziat, 2018-06-07
@marataziat

1. It would be good to read OWASP.org to know what SQL injections and XSS are.
2. Stop reinventing the wheel; when you make it again and again, the likelihood of crap increases, so use frameworks. For example django-rest-framework.
