Frontend and Backend are separated by two concepts but they are united by their interdependence, while the backend remains secure behind an infrastructure, perhaps a cloud like an S3 or a VPS and even in containers like EKS or AKS etc.
The frontend starts from the same point and when consulted by a client perhaps thousands of kilometers away over the Internet, the frontend is rendered on the client's machine obtaining the static files and the basic parameters to interact with the backend.
In this sense, a solution that is continually accepted and widely used for many connections such as SSH, SFTP is the concept of symmetric keys (public/private).
This concept is shown in the following figure.
When the client (rendered frontend) sends data through forms such as this case a login/register, the data previously on the client's computer is encrypted with the public key which, as indicated, is publicly distributed.
This encrypted data flow travels through either HTTP or HTTPS (the latter recommended for security), adding a second value to the security of the information provided by a client.
This concept allows you to survive Man-In-The-Middle techniques, solving a second-instance vulnerability associated with the capture of sensitive data such as credentials, email, credit card numbers, among others.
In the following figure I show an authentication flow for login/register that allows data to be encrypted on the client using the public key.
This data travels through the medium, in this case the Internet, from a remote site to the backend, being secured by both HTTPS and encryption.
When it reaches the backend, this data is decrypted by it using the private key, which is only known to the backend's secured services.
I share a repository on GitHub with code in Nest.JS and Spring Boot Java for your observation.
GitHub: https://github.com/raulrobinson/symmetric-keys
@Author: Raul Bolivar Navas
Email: rasysbox@hotmail.com
Top comments (0)