Security in Electron


#1

Is electron secured if I won’t use session in the login function since i believe that session or any security processes in web development is not needed because it is a desktop application, is it still secured? Please bare with me guys, i am still new too electron and i just want to learn. Thank you.


#2

Electron itself does not enforce a certain type of login/authentication flow on you.
I think your decision to not use sessions is quite ok, as i would probably use a token of sorts instead myself.

To your question about security, it all depends on how you build your authentication mechanism.
If you want your users to be able to log in to your application, how do you plan to do it?

  • Do you send their login information to a server where you store user credentials/login information?
  • Or do you only want local users? ( as in local per client )

If you use a server as a backend/service for your users. You at least need to establish the connection to your server securily over SSL, or else credentials can be sniffed, so thats a bare minimum i´d say.


#3

thank you for the reply good sir, so what you are saying is that building an electron is also like building a website app? :slight_smile: