Security & Limitations of Session/Memory

Suppose I do not wish to have an actual member area on my site/web app. I do not want to collect any kind of personally identifiable information for the CRM & Site Members section. Instead, I authorize the user login via an SSO and, on a successful authorization, I store a session/user ID (which is returned by the SSO either as a URL parameter or by some other method) using the session storage.

On my database, everything is set to ‘Admin Only’, but I have a column called ‘User ID’ which will contain the same ID as the browser’s session/user ID that I have stored. I run a backend query with suppressAuth passed as the find() option, retrieve all items whose ‘User ID’ column matches the browser’s session/user ID, and return them to the page. That’s it.

  • What kind of security flaws/threats will this method give rise to (if any)?

  • Any kind of limitation regarding accessing database items using this method?

  • Which one should be preferred over the other: Session or Memory?

Thanks for sharing that technique. I never thought of it.

This might only be an issue if you want to work with Wix apps that use the member/CRM system to keep track of users. Other than that, I don’t see any flaws (but I’m not a security expert at all!).