It's not real until it's secured.
– Greg L. Turnquist @gregturn
In the previous chapter, you learned how to turn our application into a fully asynchronous, message-based app using WebSockets.
Security is hard. Even among the experts. Rob Winch, the lead for Spring Security, has stated in multiple forums, "Do not implement security on your own." A classic example is when someone wrote a utility to crack password-protected Microsoft Word documents. It had an intentional delay so that it didn't operate in subsecond time. Get it? The author of the tool didn't want to show how easy it was to break a Word document.
Suffice it to say, there are lots of attack vectors. Especially on the web. The fact that our applications partially run in a remote location (the browser) on someone else's machine leaves little...