+ 2
Does moment.js really prevent date and time manipulation from users?
Assuming a monthly subscription that should end 1st January 2021 and the user changes their PC dates to maybe...13 December 2020. Can using moment.js in client know the correct time and prevent them from accessing features they shouldn't? If it can't, which library can do this?
3 Answers
+ 2
You should not rely on the client side when you try to determine the eligibility for a subscription. Better to compare it to server time, rather than local time on the client machine.
Moment.js is also mutable, so it can be easily changed / manipulated / hacked by client code.
I am not sure how and why you use moment.js but maybe read this article where the author of the library explains why you probably SHOULD NOT use it, and what are the alternatives:
https://momentjs.com/docs/#/-project-status/
+ 1
Tibor Santa I think I get where you are going. Use datetime.now of the server's location to store the expiration date. So we compare the server time to the expiration date regardless of the user's time zone, whatever. Yes?
Now think about this, the owner relocated and moved the server to a country that is maybe... +6 G.M.T. How will they go about the authentication?
0
Tomiwa Joseph if you have some sort of user authentication already, I really assume that would happen on the back-end. Determining if the user is allowed to view the page, as well as determining if he/she has a valid subscription, should be hidden from the client and they both need to happen on server side. Otherwise, you cannot guarantee that the content is served only to eligible users.
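An added example, not code from any post in this thread: a server-side subscription check that compares the server clock to an expiry stored as an absolute UTC instant, so neither the user's PC date nor the server's time zone changes the result. All names (`SUBSCRIPTIONS`, `isSubscriptionActive`, `handleFeatureRequest`, `user-42`, `clientTime`) and the sample record are hypothetical.

```javascript
// Constructed sample store: subscription ends 1 January 2021, 00:00 UTC.
// The trailing "Z" makes this an absolute instant, not a local wall-clock time.
const SUBSCRIPTIONS = new Map([
  ['user-42', { expiresAt: '2021-01-01T00:00:00Z' }],
]);

// Date.now() is milliseconds since the Unix epoch (UTC); it does not depend on
// the time zone the server runs in. serverNowMs is injectable for testing only.
function isSubscriptionActive(userId, serverNowMs = Date.now()) {
  const record = SUBSCRIPTIONS.get(userId);
  if (!record) return false;                  // unknown user: deny
  const expiresMs = Date.parse(record.expiresAt);
  if (Number.isNaN(expiresMs)) return false;  // malformed expiry: fail closed
  return serverNowMs < expiresMs;
}

// Hypothetical request handler. Whatever the client reports about the time
// (here request.clientTime) is never read when deciding access.
function handleFeatureRequest(request, serverNowMs = Date.now()) {
  if (!isSubscriptionActive(request.userId, serverNowMs)) {
    return { status: 403, body: 'Subscription expired' };
  }
  return { status: 200, body: 'premium content' };
}

// Constructed scenario from the question: the server clock reads 2 January 2021,
// while the user has set their PC back to 13 December 2020.
function demo() {
  const serverNow = Date.parse('2021-01-02T00:00:00Z');
  const request = { userId: 'user-42', clientTime: '2020-12-13T00:00:00Z' };
  return handleFeatureRequest(request, serverNow).status;
}

// The same instant written with a +06:00 offset parses to the same number,
// which is why relocating the server does not affect the comparison.
function sameInstantAcrossZones() {
  return Date.parse('2021-01-02T06:00:00+06:00') ===
         Date.parse('2021-01-02T00:00:00Z');
}
```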