DEV Community

Emmanuel Omoiya


Challenge with RBAC Authentication

Building great and memorable experiences for any software requires a lot of things and one of those things is for your user to feel safe and "actually" be safe and secure...
The last thing any engineer would hope for is to wake up in the early hours of the morning and notice that the software has been down for close to 3 hours and all the data in the database is gone due to a cyber-attack 😭.

I am an engineer who places the security of my users' data above anything else.
Therefore, I would not want a user to access the information of another user through some loophole found in the security system of my software.

I have built a lot of software ranging from websites to web servers, microservices, mobile applications, OS kernels and database ORMs...

The most painful security experience I have had is with a web server RBAC (role-based access control) authentication feature. As simple as it is, it can become complex very quickly.

That concept is a "pain in the ass", no cap 🧢...

Having to choose between either using cookies or sessions or even localStorage...
Having to keep changing environments to test them out individually 😤...


We'll stop here for today... Follow me for the next part of this article

A big shout out to HNG, HNG Internship, HNG Hiring for inspiring this article.

Reach out to me on LinkedIn or X (Twitter) if you want to have a nice chat about anything and I mean absolutely anything.
