DEV Community

Discussion on: Cryptographically protecting your SPA

Matheus Adorni Dardenne

I agree with everything you said, but we came to a different conclusion about the value added by this layer.

It is like putting a padlock on your locker. It won't stop highly skillful and motivated attackers for long, but it is definitely not useless, because the vast majority of people won't try, and the majority of people who try will fail, and it will still take time for even specialized attackers to get through. And this time is valuable, since we're constantly improving the security of the back-end. This time could be the difference between a vulnerability being found and being patched.

leob

Yes sure, absolutely - as with almost everything in software development, "it depends" - I can certainly imagine that there are scenarios or use cases where this is a very useful technique ... dismissing an idea too hastily is one of the most common mistakes (and something we're almost all guilty of, including myself).