DEV Community

Adam Crockett 🌀

Client side user details, what is okay?

I have been hoping to bring some convenience to a shop I'm building. My day job is security-based, but what I am about to ask hasn't really been explored yet: client-side login, or in other words, device-based login. How safe is it to use this as a sort of 2-stage profile? You can log in without a password and store your name and maybe view recent orders. However, to actually edit sensitive details or make purchases, you need to enter a password, which will go to a server for processing.

Is this silly complex?

Top comments (5)

manish srivastava

The idea is good. Device specific!!!
The simplest method I can think of is to use the browser's localStorage or IndexedDB.
Anyway, how are you proceeding?

Adam Crockett 🌀

I was going to go with an abstraction of IndexedDB anyway, PouchDB. It's nice because it can sync to a server with CouchDB installed, which should come in handy. It might be good to track sessions and revoke devices; that sounds like fun to build too.

A little more on the stack:
Everything global is being managed by the xstate state machine library, then rendered with lit-html; the server itself is a Rust-based Actix web server.

It's a shame I can't just use WebAuthn and be done with it, but my MacBook doesn't seem to support it :(.

I guess that I would be going for something like the Mac preferences, but with the padlock at the bottom. All restricted actions will require full login.

manish srivastava • Edited

I think the browser is the culprit, not the MacBook 😁. Apart from IndexedDB, two more experiments I can suggest:

  1. Use service worker JavaScript to cache some information in the browser itself. This should be in an HTML or text file. (I have never tried this.)
  2. Fetch the device MAC address as the client's login. Get some permissions from the client to show some data and bla bla... So next time, whenever he browses your webapp, match the MAC address with the stored MAC address and show whatever you want...
Adam Crockett 🌀

Wonderful suggestions, and thank you for not going down the "client is insecure" route, as many might without fully reading my intent. I'm seeing the web is moving this way very quickly: cars, speakers, fridges, all on the edge authentication. What a time to be alive!
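
The two-stage profile from the original post, combined with the device tracking and revocation mentioned in the replies, shown here as an added server-side example in Node.js; it is not code from anyone in the thread. `DeviceRegistry`, the action names, the 10-minute password freshness window and the in-memory `Map` are all assumptions made for illustration.

```javascript
// Added example: device credential for low-risk reads, recent password check for the rest.
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto');

const STEP_UP_MAX_AGE_MS = 10 * 60 * 1000;   // assumed: how long a password check stays fresh
const LOW_RISK = new Set(['view_name', 'view_recent_orders']);   // assumed action names
const sha256 = (s) => createHash('sha256').update(s).digest();

class DeviceRegistry {
  constructor() {
    this.devices = new Map();   // deviceId -> { userId, tokenHash, revoked, passwordAt }
  }

  // Called once after a full password login. The raw token goes to the client
  // (e.g. kept in IndexedDB/PouchDB); only its hash is stored server side.
  enroll(userId) {
    const deviceId = randomBytes(8).toString('hex');
    const token = randomBytes(32).toString('hex');
    this.devices.set(deviceId, {
      userId, tokenHash: sha256(token), revoked: false, passwordAt: null,
    });
    return { deviceId, token };
  }

  // Revoking a device invalidates its stored token for every action.
  revoke(deviceId) {
    const d = this.devices.get(deviceId);
    if (d) d.revoked = true;
  }

  // Record a successful server-side password verification for this device.
  markPasswordVerified(deviceId, now = Date.now()) {
    const d = this.devices.get(deviceId);
    if (d && !d.revoked) d.passwordAt = now;
  }

  // Returns 'allow', 'password_required' or 'deny' for the requested action.
  authorize(deviceId, token, action, now = Date.now()) {
    const d = this.devices.get(deviceId);
    if (!d || d.revoked) return 'deny';
    // Both digests are 32 bytes, so the constant-time compare never throws.
    if (!timingSafeEqual(d.tokenHash, sha256(String(token)))) return 'deny';
    if (LOW_RISK.has(action)) return 'allow';
    // Anything not explicitly low-risk (edit details, purchase) needs a fresh password check.
    const fresh = d.passwordAt !== null && now - d.passwordAt <= STEP_UP_MAX_AGE_MS;
    return fresh ? 'allow' : 'password_required';
  }
}
```

Because the allow-list is explicit, any new action defaults to requiring the password, and a copied device token on its own only exposes the low-risk views until the device is revoked.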
