iron-router-auth icon indicating copy to clipboard operation
iron-router-auth copied to clipboard

Published 20 hours ago verified publisher icon xpressivecode

Client-side authentication?

Open Sebl29 opened this issue 10 years ago • 2 comments

Hi,

I just did have short look at this github-project. You are adding "lib/iron-router-auth.js" on the client side. So a user only needs to comment some javascript lines and the routing would work without any restrictions. Am I right? Cheers, Sebl

Sebl29 avatar Jul 21 '14 11:07 Sebl29

This is not real authentication, it's more of a convenience package to either redirect or render something else depending on if the user is logged in or not, sure the user can comment some javascipt to access the "regular" template instead as if logged in, but the users wouldn't be logged in and if you secure your data the template should be empty or only filled with public data.

@XpressiveCode, correct me if i'm wrong

zimme avatar Jul 28 '14 21:07 zimme

"user only needs to comment some javascript lines and the routing would work without any restrictions." - yes, that is all browser code. Security only exists in methods and publications.

MichaelJCole avatar Oct 18 '16 15:10 MichaelJCole