Generic security context server or client

Posted: Mon Feb 03, 2014 3:31 pm
by araskin3i

I understand that I can create my own security context with Appery (http://docs.appery.io/documentation/g...). However, I am a little confused whether the security context is server side or client side. If it is client side then I think it is not very secure, as it can be tampered with. I hope that it is server side.

The reason why I think it is client side is because in the example it shows the following code:

".....localStorage.acces_token;"

I could be wrong but does this mean that the security context is client side? Otherwise how would this JS ever work?

Please confirm.

Alon


Posted: Mon Feb 03, 2014 4:10 pm
by Maryna Brodina

Hello! Yes, you're right. Generic Security Context is a wrapper for service invocation; it's client side. If you're interested in storing on the server and sending some data during service invocation, use a proxy: http://docs.appery.io/documentation/s...


Posted: Mon Feb 03, 2014 4:25 pm
by araskin3i

Thanks Maryna. Unfortunately I don't see how a Proxy can let me call my own JS code.

What I am trying to achieve is to implement my own authentication process for any REST service. The security context would be perfect for this except it is not secure since it is client side and can easily be circumvented.


Posted: Mon Feb 03, 2014 5:36 pm
by Maryna Brodina

If you do something with JS, it's client side and there is no way to "hide" it. Try to use server code. Invoke server code, do the necessary data conversion and invoke the service from server code.
http://docs.appery.io/documentation/b...
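
The server-side pattern recommended in the last reply, as an added example that is not part of the thread and is not Appery's server-code API: generic Node.js in which the server signs the token, verifies it on every request, and only then builds the upstream REST call. The key values, function names and the `callService` callback are assumptions made for illustration.

```javascript
// Added example: generic Node.js, not Appery's server-code API.
const nodeCrypto = require('node:crypto');

// Assumption: both secrets exist only on the server, never in the app bundle.
const SESSION_KEY = 'constructed-session-signing-key';
const UPSTREAM_API_KEY = 'constructed-upstream-api-key';

const b64url = (s) => Buffer.from(s, 'utf8').toString('base64url');
const sign = (payload) =>
  nodeCrypto.createHmac('sha256', SESSION_KEY).update(payload).digest('base64url');

// Called after the server has checked the user's credentials.
function issueToken(user, role, nowSec, ttlSec = 3600) {
  const payload = b64url(JSON.stringify({ user, role, exp: nowSec + ttlSec }));
  return payload + '.' + sign(payload);
}

// Returns the claims, or null if the token was altered or has expired.
function verifyToken(token, nowSec) {
  const [payload, mac, extra] = String(token).split('.');
  if (!payload || !mac || extra !== undefined) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  return claims.exp > nowSec ? claims : null;
}

// Server-side entry point: authenticate, then build the upstream REST call.
// callService is a hypothetical stand-in for the real HTTP request.
function handleRequest(token, nowSec, callService) {
  const claims = verifyToken(token, nowSec);
  if (!claims) return { status: 401, body: 'invalid or expired token' };
  const body = callService({ user: claims.user, role: claims.role,
    headers: { 'X-Api-Key': UPSTREAM_API_KEY } });
  return { status: 200, body };
}

// What a user can do to a token kept in localStorage: rewrite the claims.
function tamperRole(token, role) {
  const [payload, mac] = token.split('.');
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  return b64url(JSON.stringify({ ...claims, role })) + '.' + mac;
}
```

The client may still keep the token in `localStorage`; editing it there only produces a value the server rejects, and the upstream API key never leaves the server.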