Is currentMember.getRoles() on the front end secure?

judeosborn · February 22, 2023, 4:07am

I’d like to show elements on a page to admin/site owners only. If I were to use something like currentMember.getRoles() on the frontend to test for admin/site owner, is there any Wix magic that would stop a hacker from spoofing that logic?

If not, what is the recommended way to security restrict content on a public page to admin/site owners only?

CODE-NINJA · February 22, 2023, 8:58am

Nothing is SECURE on FRONTEND!
This for you have BACKEND.

If you have sensitive data like …

Passwords
Keys/Serials
Api-activation-codes
some sensitive data inside of your DATABASE
and so on…

Do work with it only on BACKEND!
And use also the Wix-Secrets-API if need.

Topic		Replies	Views
Secure Image Source Ask the community code , wix-members-area , design , question	2	129	December 30, 2018
Authentication for jsw Ask the community code , question	1	178	April 29, 2018
currentUser.role not Admin? Ask the community code , question	8	726	April 3, 2018
Custom Security Ask the community code , wix-members-area , question	9	238	January 29, 2019
Make other roles see what an admin would see Ask the community code , wix-members-area , question	3	173	April 21, 2020

Is currentMember.getRoles() on the front end secure?

Related topics