I
I
Ivan Stroykin2017-07-12 11:40:34
Angular
Ivan Stroykin, 2017-07-12 11:40:34

How to wrap user roles in a separate protected file?

Good day,
The application has roles for which I have registered access to both sections and certain parts of the section. Everything works well, but when changing accesses or adding / removing a role, running through all the files is not "ice". Therefore, I decided to put all the roles in JSON so that you can easily make changes in one place. So far, only storing the file in assets came to mind, or taking it when initializing the application from the backend (preferably). But if you use JSON, then it will be in the public domain and easy to change (too easy). Does anyone have any ideas on how to wrap this up better? Maybe some kind of encryption? Thanks

Answer the question

In order to leave comments, you need to log in

1 answer(s)
A
Alexey Blyshko, 2017-07-12
@StivinKing

In the general case, the problem of access control is solved on the backend - directly at the data access level.
If this is done, json will also work on the front - if the attacker replaces it, he will not receive profit from this - even if he enters the closed section, he still cannot do anything.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question