Discussing User Information Security Strategies in WeWeb and Xano
This State Changers meeting centered on user information security and authentication from the perspective of both frontend and backend programming. The participants discussed how to manage encryption of sensitive user information, covering JWE (JSON Web Encryption) tokens, EUID (End User Identifier), the decrypted payload, and transport layer security (TLS), which HTTPS provides by running HTTP over a TLS connection.
The exchange focused on whether it is safe to send sensitive information, such as email addresses and phone numbers, to the frontend even in encrypted form. TLS protects the data in transit, but once the browser holds the decrypted payload, or the key needed to decrypt it, that data is clear text to anything with access to the client: the user, browser DevTools, extensions, or malware on the machine. They concluded that such security-sensitive processing is best kept on the backend, for example in Xano, so that neither the plaintext nor the decryption keys ever reach the client. The frontend should be treated as untrusted, since the developer cannot guarantee the integrity of the user's computer.
One participant was using WeWeb for variable storage, which is relevant to anyone building on that platform: WeWeb variables live in the browser, so anything stored in them is subject to the same client-side exposure discussed above. The dialogue concluded with an agreement to examine the setup further in an upcoming office hours meeting to verify that the user information security measures were implemented correctly.
The meeting concluded positively, with participants expressing satisfaction with the discussion held and looking forward to future meetings.