This repository was archived by the owner on Apr 5, 2024. It is now read-only.

Use Server-side Authentication #6

@cybardev


Issue

Currently, the authentication for admin view is done client-side. This is undesirable, as malicious actors could use the browsers' inbuilt "Inspect" functionality to view the password and add word recordings.

Proposed Solution

Ideally, the typed passphrase would be sent to the server, where a server-side script or function could authenticate it and return a status code (pass/fail the authentication request). The client may then display a tooltip informing the user of a failed authentication, or move on to the next course of action.


Tasks

  • create GET endpoint on server-side script for admin password
  • send password (in a secure way) to the server in client-side script
  • authenticate password on the server and send back status code
  • appropriately handle status code on client-side
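
The flow proposed above, as an added Node.js example that is not code from this repository. It assumes a POST body (rather than the GET in the task list) so the passphrase stays out of URLs and access logs; the route `/admin/login`, the sample passphrase and the session-token scheme are assumptions.

```javascript
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');
const http = require('node:http');

// Constructed sample credential. In deployment, load the salt and hash from
// server-side configuration; the passphrase itself is never stored or shipped.
const SALT = randomBytes(16);
const ADMIN_HASH = scryptSync('example-passphrase', SALT, 32);

const SESSION_TTL_MS = 15 * 60 * 1000;
const sessions = new Map(); // token -> expiry time in ms

// True only when the candidate derives to the stored hash (constant-time compare).
function verifyPassphrase(candidate) {
  if (typeof candidate !== 'string' || candidate.length === 0 || candidate.length > 256) return false;
  return timingSafeEqual(scryptSync(candidate, SALT, 32), ADMIN_HASH);
}

// Every admin-only endpoint (e.g. adding a recording) must call this on the
// server; a status code checked only in the browser can be bypassed.
function isAuthorized(token) {
  const expiry = sessions.get(token);
  return expiry !== undefined && expiry > Date.now();
}

// Maps one login request to the status code the client acts on.
function handleLogin(method, rawBody) {
  if (method !== 'POST') return { status: 405, body: { ok: false } };
  let parsed;
  try { parsed = JSON.parse(rawBody); } catch { return { status: 400, body: { ok: false } }; }
  const ok = parsed !== null && typeof parsed === 'object' && verifyPassphrase(parsed.passphrase);
  if (!ok) return { status: 401, body: { ok: false } };
  const token = randomBytes(32).toString('hex');
  sessions.set(token, Date.now() + SESSION_TTL_MS);
  return { status: 200, body: { ok: true, token } };
}

// Hypothetical route name; start with createAdminServer().listen(3000) behind a TLS proxy.
function createAdminServer() {
  return http.createServer((req, res) => {
    if (req.url !== '/admin/login') { res.writeHead(404).end(); return; }
    let raw = '';
    req.on('data', (chunk) => { raw += chunk; if (raw.length > 4096) req.destroy(); });
    req.on('end', () => {
      const { status, body } = handleLogin(req.method, raw);
      res.writeHead(status, { 'Content-Type': 'application/json' }).end(JSON.stringify(body));
    });
  });
}
```

The client shows the failure tooltip on 401 and, on 200, sends the returned token with later admin requests so the server can check it with `isAuthorized`.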


Labels: security (Security issues that require immediate attention)

Status: In Progress
