Full Stack Developer. Interested in creating scalable & secure platforms. Let's create the web better.
Any frontend code is inherently insecure. Sure, the app ecosystems of iOS, Android, etc. are more locked down, and reverse engineering computer code into something human-readable is a huge pain in the ass, but it's still doable. The point is, you can never trust the client. This is why OAuth and other authentication schemes were made. In principle, the frontend manages state, while the backend gives and takes your data and authorizes data access. Even if your frontend is compromised and your API endpoints are exposed, this doesn't mean anything, because without the right JWT or whatever you can't get or give data from the API anyway. And if the frontend is compromised, big deal if someone can fake the managed state. The frontend should never be your source of truth.
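The point above as an added example (not code from the original post): a backend handler that verifies an HS256 JWT with Node's built-in `crypto` module and takes identity and role only from the verified claims, never from what the client sends in the body. The secret, `issueToken`, `getOrders` and the `role` claim are assumptions made for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: known only to the backend
const b64url = (v) => Buffer.from(v).toString("base64url");
const sign = (data) => createHmac("sha256", SECRET).update(data).digest();

// Hypothetical issuer, used here only to build sample tokens.
function issueToken(claims) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const data = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${data}.${sign(data).toString("base64url")}`;
}

// Returns the verified claims, or null if the token cannot be trusted.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString());
    claims = JSON.parse(Buffer.from(p, "base64url").toString());
  } catch {
    return null;
  }
  // The server fixes the algorithm; the token does not get to choose it.
  if (header?.alg !== "HS256") return null;
  const got = Buffer.from(s, "base64url");
  const want = sign(`${h}.${p}`);
  if (got.length !== want.length || !timingSafeEqual(got, want)) return null;
  if (typeof claims?.exp !== "number" || claims.exp <= now) return null;
  return claims;
}

// Hypothetical handler: authorization comes from verified claims only.
function getOrders(req) {
  const auth = req.headers.authorization || "";
  const claims = auth.startsWith("Bearer ") ? verifyToken(auth.slice(7)) : null;
  if (!claims) return { status: 401 };
  // req.body.userId / req.body.isAdmin are client state and are ignored on purpose.
  const scope = claims.role === "admin" ? "all" : claims.sub;
  return { status: 200, scope };
}
```

A token whose payload was edited on the client fails the signature check, and a request body claiming `isAdmin: true` changes nothing about what the handler returns.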