In this meeting, the State Changers discuss how user information is protected in the front end and back end of their system. Anthony explains that he is passing the user object as a JWE (JSON Web Encryption) token, with the EU ID stored separately outside of the encryption. The encrypted payload contains personally identifiable information such as email addresses, phone numbers, and names. The State Changers argue that this approach needs rethinking: the front end should not have access to this information at all, because exposing it there is a security risk. Instead, the data should be decrypted on the back end (Xano) rather than on the front end (the WeWeb website). They clarify that any data delivered to the front end should be treated as insecure once it reaches the user's computer. They also stress the importance of protecting sensitive values such as passwords by hashing them rather than transmitting them back and forth. Overall, the meeting focuses on the need to reevaluate the security measures in place and ensure that personal information is adequately protected throughout the system.
(Source: State Change Office Hours 6/15)