You are developing an application with multiple user roles, and each role has different levels of access to resources. How would you securely implement role-based access control to prevent unauthorized access?
1. Use JSON Web Tokens (JWT) to manage user sessions and roles.
2. Implement access control lists (ACLs) in your application.
3. Check the user's role in the frontend to determine access.
4. Rely solely on server-side sessions to control access.
Option (1) is correct. Using JWTs for session management and roles is a secure approach as they are self-contained and can be verified without relying on server-side sessions. Options (2) and (4) are less secure and may lead to vulnerabilities. Option (3) is incorrect as access control should be enforced on the server.