As the title says, where should I put the allow and deny rules? Should they be in the root folder and shared between the client and the server, as they do in the "parties" example application?
I am thinking about security, and will the client not be able to edit the rules if sent to it? Or will the server always have the correct code, and as such, it will not be a problem if the client alters the rules?
How does this work?
The rules can be both on the server and client. One requirement is you have to have them on the server (in /server). It's optional on the client.
If they're on the client it can speed things up to quickly check if it's OK to change something. If you put it on the server only it can take a full round trip to check whether it's OK to insert/update/remove something. It's like having latency compensation for the allow/deny rules.
If you place it in / (root directory) it will check on both the client and server. So you can check if it's going to be inserted immediately on the client, and if it's altered on the client the server side one is there to check too. This way it's still safe. So this is how the Parties example does it.
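The point of the answer above, that rules edited in the browser cannot weaken the server's check, as an added example (not part of the original post and not Meteor's own code). It is a simplified plain-JavaScript model: `permitted`, `sharedRules` and `simulateInsert` are hypothetical names, and the rules, user ids and documents are constructed.

```javascript
// Simplified model of the behaviour described in the answer; not Meteor's source.
// A write passes when at least one allow rule returns true and no deny rule does.
function permitted(rules, userId, doc) {
  const denied = rules.deny.some((rule) => rule(userId, doc));
  const allowed = rules.allow.some((rule) => rule(userId, doc));
  return allowed && !denied;
}

// Rule set as it would be loaded from a shared file (constructed example rules).
function sharedRules() {
  return {
    allow: [(userId, doc) => userId !== null && doc.owner === userId],
    deny: [(userId, doc) => typeof doc.title !== "string" || doc.title.length > 100],
  };
}

// Hypothetical helper: one insert as seen from both sides.
// clientRules may be null (rules only on the server) or altered by the user.
function simulateInsert(clientRules, serverRules, userId, doc) {
  // Client side: only decides whether the UI shows the change right away.
  const shownImmediately = clientRules !== null && permitted(clientRules, userId, doc);
  // Server side: always re-checks with its own copy; this decision is the one that counts.
  const committed = permitted(serverRules, userId, doc);
  return {
    shownImmediately,
    committed,
    rolledBack: shownImmediately && !committed,
  };
}

const server = sharedRules();
const honestClient = sharedRules();
// A user who edited the rules in their own browser to accept everything.
const tamperedClient = { allow: [() => true], deny: [] };

const ownDoc = { owner: "alice", title: "Picnic" };    // constructed sample
const forgedDoc = { owner: "bob", title: "Picnic" };   // constructed sample

console.log(simulateInsert(honestClient, server, "alice", ownDoc));
console.log(simulateInsert(tamperedClient, server, "alice", forgedDoc));
console.log(simulateInsert(null, server, "alice", ownDoc));
```

The second call is the case the question asks about: the altered client copy accepts the write locally, but the server's own copy rejects it, so nothing is committed.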