You are developing an application with multiple user roles, and each role has different levels of access to resources. How would you securely implement role-based access control to prevent unauthorized access?

  (1) Use JSON Web Tokens (JWT) to manage user sessions and roles.
  (2) Implement access control lists (ACLs) in your application.
  (3) Check the user's role in the frontend to determine access.
  (4) Rely solely on server-side sessions to control access.

Option (1) is correct. Using JWTs for session management and roles is a secure approach as they are self-contained and can be verified without relying on server-side sessions. Options (2) and (4) are less secure and may lead to vulnerabilities. Option (3) is incorrect as access control should be enforced on the server.
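The following is an added example, not part of the original question or its answer, showing the server-side side of option (1): a role claim is placed in an HS256-signed JWT, and every authorization decision re-verifies the signature and expiry before consulting a role-to-permission table. The signing key and the `ROLE_PERMISSIONS` map are constructed for this example; a real service would load the key from a secret store and define its own permissions. The `run_demo` function also shows why the frontend check in option (3) is not enough: a token whose role claim was rewritten without the key fails verification on the server.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed key for this example only; production code loads it from a secret store.
SECRET_KEY = b"example-signing-key-not-for-production"

# Hypothetical role -> permission mapping for the example application.
ROLE_PERMISSIONS = {
    "admin": {"read:report", "write:report", "delete:user"},
    "editor": {"read:report", "write:report"},
    "viewer": {"read:report"},
}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, role: str, ttl_seconds: int = 3600, now: Optional[int] = None) -> str:
    """Create an HS256-signed JWT carrying the user's role claim and an expiry."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "role": role, "iat": now, "exp": now + ttl_seconds}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    signature = hmac.new(SECRET_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def verify_token(token: str, now: Optional[int] = None) -> dict:
    """Verify algorithm, signature and expiry; return the claims or raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm server-side: the token must never choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SECRET_KEY, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    return claims


def authorize(token: str, permission: str, now: Optional[int] = None) -> bool:
    """Server-side enforcement: the role comes from the verified token, never from the request body."""
    try:
        claims = verify_token(token, now=now)
    except ValueError:
        return False
    return permission in ROLE_PERMISSIONS.get(claims.get("role"), set())


def run_demo(now: int = 1_000_000) -> dict:
    """Exercise the checks with a constructed 'viewer' token and return the outcomes."""
    token = issue_token("alice", "viewer", ttl_seconds=3600, now=now)
    header_b64, _payload_b64, sig_b64 = token.split(".")
    # A client that rewrites its own role claim (no key) keeps the old signature and fails.
    forged_payload = _b64url_encode(
        json.dumps({"sub": "alice", "role": "admin", "iat": now, "exp": now + 3600},
                   separators=(",", ":")).encode()
    )
    forged = f"{header_b64}.{forged_payload}.{sig_b64}"
    return {
        "viewer_can_read": authorize(token, "read:report", now=now + 60),
        "viewer_can_write": authorize(token, "write:report", now=now + 60),
        "expired_rejected": authorize(token, "read:report", now=now + 7200),
        "forged_role_rejected": authorize(forged, "delete:user", now=now + 60),
    }


if __name__ == "__main__":
    print(run_demo())
```

Every request handler calls `authorize` with the permission it needs rather than trusting a role the client sends alongside the request; revocation before expiry still requires a server-side deny-list or short token lifetimes, which a self-contained JWT does not provide on its own.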