Focal PointTechnologies
← All articles

Security

Basic Client-Side Security Concepts

Client-side code runs on the user’s device. They can read it, modify it, and replay requests. Never put secret keys in frontend code. Never trust the client for authorization decisions — enforce those on the server.

Use HTTPS everywhere. Protect against XSS with proper escaping and content security policy. Keep auth tokens handled carefully. The client is a convenience layer; the server is the authority.