From 0d3e8d7964fdba825ac3075d08b3ec9302ab103b Mon Sep 17 00:00:00 2001 From: christianmat Date: Thu, 11 Jan 2024 14:29:02 -0800 Subject: [PATCH] doc on security --- README.md | 2 ++ packages/js-client/README.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 16156c0..e6f27e6 100644 --- a/README.md +++ b/README.md @@ -119,3 +119,5 @@ localStorage is a browser API that allows you to store data in the browser. The Yes. For this reason, we recommend using a non-iterable UUID for your user IDs. This makes it nearly impossible for users to guess other user IDs and access their data unless they know the user ID. +Alternatively, you can create a simple wrapper/proxy API around remoteStorage that uses your own authentication method to verify the user's identity before allowing them to access the data. Then, you can pick a secure and secret Instance ID that is not publicly available to ensure that only your application can access the data. + diff --git a/packages/js-client/README.md b/packages/js-client/README.md index 16156c0..e6f27e6 100644 --- a/packages/js-client/README.md +++ b/packages/js-client/README.md @@ -119,3 +119,5 @@ localStorage is a browser API that allows you to store data in the browser. The Yes. For this reason, we recommend using a non-iterable UUID for your user IDs. This makes it nearly impossible for users to guess other user IDs and access their data unless they know the user ID. +Alternatively, you can create a simple wrapper/proxy API around remoteStorage that uses your own authentication method to verify the user's identity before allowing them to access the data. Then, you can pick a secure and secret Instance ID that is not publicly available to ensure that only your application can access the data. +
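Review bot: In the README.md hunk, the added sentence "pick a secure and secret Instance ID that is not publicly available" leaves out the condition that makes it hold: the Instance ID stays secret only if the wrapper/proxy keeps it on the server and it never appears in code delivered to the browser. Suggest saying so explicitly, and adding that the proxy should take the user ID from its own authenticated session rather than from a value the client sends; otherwise the guessable-ID concern in the context line above simply moves behind the proxy. "Secure" is also vague here; "randomly generated" would say what is meant.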
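Review bot: The packages/js-client/README.md hunk repeats the README.md paragraph verbatim, and both files show the same index line (16156c0..e6f27e6), so the two READMEs are being kept as identical copies by hand. Security guidance duplicated this way tends to drift apart; consider keeping this FAQ answer in one file and linking to it from the other. Both hunks also end with an added empty line (the trailing bare "+"), which can be dropped.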