User identification
veryoriginalnickname, 2021-08-27 17:38:24

Is it safe to do two types of authorization?

Let's say there is an API, /user/login. The request comes with username, password and authType. If authType = "cookie", then the token comes in the form of a cookie. If authType = "direct", then the token comes in the form of JSON {token: token}. The SPA will use this API and will log in through authType cookie. The second type of authorization (non-cookies) is purely just in case you suddenly want to make an application for a smartphone or something. Question: Is it safe to do all this like this?


1 answer(s)
oleg_ods, 2021-08-27
@veryoriginalnickname

The second type of authorization (non-cookies) is purely just in case

Do not torment yourself in one place. When necessary, add another type of authorization. When adding things “just in case”, you get unused code that needs to be constantly maintained (and there is no guarantee that it will ever be used). And if you just add it and then neglect its support, this method will become a potential vulnerability.
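
An added illustration of the thread's topic, not code from either poster: token delivery by authType behind an explicit allow-list, so the "direct" mode stays disabled until a client needs it. The names ENABLED_AUTH_TYPES, loginResponse, extractToken, the "session" cookie name and the Bearer header for "direct" clients are assumptions.

```javascript
// Added example; ENABLED_AUTH_TYPES, loginResponse, extractToken and the
// "session" cookie name are assumptions, not taken from the thread.
// Only modes with a real client are enabled. "direct" stays out until needed.
const ENABLED_AUTH_TYPES = new Set(["cookie"]);

// Response for a login whose username/password were already verified.
// `token` is the issued session token (issuing it is out of scope here).
function loginResponse(authType, token, enabled = ENABLED_AUTH_TYPES) {
  // Allow-list check: unknown, missing or disabled modes never get a token.
  if (typeof authType !== "string" || !enabled.has(authType)) {
    return { status: 400, headers: {}, body: { error: "unsupported authType" } };
  }
  const headers = { "Cache-Control": "no-store" };
  if (authType === "cookie") {
    // HttpOnly hides the token from page scripts, Secure limits it to HTTPS,
    // SameSite=Strict keeps it off cross-site requests.
    headers["Set-Cookie"] =
      `session=${encodeURIComponent(token)}; Path=/; HttpOnly; Secure; SameSite=Strict`;
    return { status: 200, headers, body: { ok: true } };
  }
  // "direct": token in the JSON body for clients without a cookie jar.
  return { status: 200, headers, body: { token } };
}

// Request side: a token is read only from channels that are enabled, so a
// disabled mode is not silently accepted. Header names are lower-cased keys.
// Assumption: "direct" clients send the token back as "Authorization: Bearer".
function extractToken(headers, enabled = ENABLED_AUTH_TYPES) {
  const auth = headers["authorization"] || "";
  if (enabled.has("direct") && auth.startsWith("Bearer ")) return auth.slice(7);
  if (enabled.has("cookie")) {
    for (const part of (headers["cookie"] || "").split(";")) {
      const [name, ...rest] = part.trim().split("=");
      if (name !== "session") continue;
      try { return decodeURIComponent(rest.join("=")); } catch { return null; }
    }
  }
  return null;
}

// Constructed sample values, not real tokens.
console.log(loginResponse("cookie", "tok-123").headers["Set-Cookie"]);
console.log(loginResponse("direct", "tok-123").status);
console.log(extractToken({ authorization: "Bearer tok-123" }));
```

Enabling the second mode later is a one-line change to the set, made together with the tests and review for that client.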
