I have been hoping to bring some convenience to a shop I'm building. My day job is security-based, but what I am about to ask hasn't really been explored yet: client-side login, or in other words, device-based login. How safe is it to use this as a sort of 2-stage profile? You can log in without a password and store your name and maybe view recent orders. However, to actually edit sensitive details or make purchases, you need to enter a password, which will go to a server for processing.
Is this silly complex?
Top comments (5)
The idea is good. Device specific!!!
The simplest method I can think of is to use the browser's localStorage or IndexedDB.
Anyway, how are you proceeding?
I was going to go with an abstraction of IndexedDB anyway, PouchDB. It's nice because it can sync to a server with CouchDB installed, which should come in handy. It might be good to track sessions and revoke devices; that sounds like fun to build too.
A little more on the stack:
Everything global is being managed by the xstate state machine library, then rendered with lit-html; the server itself is a Rust-based Actix web server.
It's a shame I can't just use WebAuthn and be done with it, but my MacBook doesn't seem to support it :(.
I guess that I would be going for something like the Mac preferences, but with the padlock at the bottom. All restricted actions will require full login.
I think the browser is the culprit, not the MacBook
😁. Apart from IndexedDB, two more experiments I can suggest:
Wonderful suggestions, and thank you for not going the "client is insecure" route, as many might without fully reading my intent. I'm seeing the web move this way very quickly: cars, speakers, fridges, all on edge authentication. What a time to be alive!
True.
- Using PHP
geeksforgeeks.org/how-to-get-the-m...
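
Added example, not code from the post or from any commenter: a sketch of the server-side decision behind the two-stage profile discussed in this thread, where a remembered device may view the name and recent orders, while editing details or purchasing needs a recent password check, and a revoked device loses both tiers. The action names, the session shape and the 10-minute freshness window are assumptions made for illustration.

```javascript
// Added example: action names, session shape and the window are assumptions.
const STEP_UP_MAX_AGE_MS = 10 * 60 * 1000; // assumed lifetime of a password check

// Tier each action needs. A Map (not a plain object) so that names such as
// "constructor" cannot resolve to an inherited property. Unlisted = denied.
const REQUIRED_TIER = new Map([
  ["viewName", "device"],
  ["viewRecentOrders", "device"],
  ["editDetails", "password"],
  ["purchase", "password"],
]);

// session: { deviceId, passwordVerifiedAt }. passwordVerifiedAt is a timestamp
// (ms) recorded by the server after a successful password check, or null.
// It must never be taken from client-side storage.
function authorize(session, action, revokedDevices, now = Date.now()) {
  const tier = REQUIRED_TIER.get(action);
  if (!tier) return { allowed: false, reason: "unknown_action" };
  if (!session || !session.deviceId) {
    return { allowed: false, reason: "no_device_session" };
  }
  // A revoked device is denied even if its password check is still fresh.
  if (revokedDevices.has(session.deviceId)) {
    return { allowed: false, reason: "device_revoked" };
  }
  if (tier === "device") return { allowed: true, reason: "device_tier" };

  const verifiedAt = session.passwordVerifiedAt;
  if (typeof verifiedAt !== "number") {
    return { allowed: false, reason: "password_required" };
  }
  const age = now - verifiedAt;
  // Reject stale checks and timestamps that lie in the future.
  if (age < 0 || age > STEP_UP_MAX_AGE_MS) {
    return { allowed: false, reason: "password_expired" };
  }
  return { allowed: true, reason: "password_tier" };
}

// Constructed sample data.
const revoked = new Set(["dev-lost-phone"]);
const t0 = 1700000000000;
const deviceOnly = { deviceId: "dev-laptop", passwordVerifiedAt: null };
const steppedUp = { deviceId: "dev-laptop", passwordVerifiedAt: t0 };

console.log(authorize(deviceOnly, "viewRecentOrders", revoked, t0));
console.log(authorize(deviceOnly, "purchase", revoked, t0));
console.log(authorize(steppedUp, "purchase", revoked, t0 + 60000));
```

The client can use the returned `reason` to decide when to show the password prompt, but the decision itself has to be made on the server for every restricted request.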