do button-level permissions control on APP, like html, return all button elements when logging in and let the front end handle it on its own?
do button-level permissions control on APP, like html, return all button elements when logging in and let the front end handle it on its own?
this is not strict enough, and permission control should be done in the background to prevent the foreground from maliciously modifying the passed parameters.
permission control is controlled by the back end. Roles control the list of resources (menus, etc.) that the user belongs to.
if the front end handles these things, it loses the meaning of permission control.
first: security issues to understand the program directly modified your permissions.
second: the program is not flexible enough. Access control is written to death and cannot be changed flexibly.
WeChat Pay, send out ordinary red packets. One parameter is IP address could you tell me if this address is the address of my server? I wrote 127.0.0.1, and it was sent successfully what is the meaning of this parameter Ip address client_ip is the ...