How does server-side validation work? #8518
Replies: 1 comment
-
Not a dumb question at all. The server-side is usually done with CouchDB. It is then responsible for validation and authorization. Authorization Validation You could also add a proxy between the client and CouchDB using express-pouchdb or any other proxy package and do your own validation. Security
Admin users are created by config. They are not stored in the PouchDB by itself doesn't have the notion of authorization or validation. For client-side reuse of the validate-update-functions you could use the pouchdb-validation plugin. |
Beta Was this translation helpful? Give feedback.
-
Ok, I am only 1-day old in the PouchDB/Offline-first realm and this might sound like a dumb question. I so far understand what its intended use cases are and how it generally works. But I have a question. How does the validation fit into that picture? If the PouchDB source is loaded in the browser and some malicious code is executed, let's say to override a user's role from 'editor' to 'admin' wouldn't that be synced with the server-side replica as well? In the online-first world, typically the server-side application validates the incoming data, how does that work in the PouchDB world?
Beta Was this translation helpful? Give feedback.
All reactions