OK, I am sure this might have been answered before, but I failed to find in-depth answers when searching.
I am looking to build a SaaS that has multiple accounts with many users under each account, very similar to Basecamp.
The data layer would be a PHP- or Rails-based RESTful API. The front end, of course, would be Ember.js.
My ADHD brain is having a problem wrapping my mind around how to secure such an app and protect users' data. I suspect token authentication would work for the actual user/login authentication. But the part I have a problem figuring out is how I keep someone from modifying the Ember code to gain access to the protected area of the app.
Would something like token authentication for the users be enough protection (along with things like randomizing user and account IDs), or do you need something else that I am missing? Should Ember.js even be a consideration for this type of app, or am I trying to fit a round peg through a square hole?
-John
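An added example, not code from John's post nor from Basecamp, Ember.js or Rails, showing the server side that the question is really about: a plain-Ruby sketch of an API endpoint that issues an HMAC-signed token at login, verifies it on every request, and takes the account from the verified token rather than from anything the browser sends. The signing key `SERVER_SECRET`, the in-memory `PROJECTS` table, the project and account IDs, and the `Bearer` header format are all constructed for the example.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Hypothetical server-side signing key. In a real deployment it comes from
# server configuration and is never shipped in the JavaScript bundle.
SERVER_SECRET = 'example-only-server-secret-rotate-me'.freeze

# Constructed in-memory data standing in for the API's database. The IDs are
# random-looking, as the question suggests, but the scoping in the handler
# below is what actually protects them.
PROJECTS = [
  { id: 'p_7f3a9c', account_id: 'acct_e91b', name: 'Website redesign' },
  { id: 'p_2b8d41', account_id: 'acct_04c7', name: 'Q3 launch' },
].freeze

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def sign(secret, body)
  b64url(OpenSSL::HMAC.digest('SHA256', secret, body))
end

# Constant-time comparison so the signature check does not leak via timing.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Issued by the API after a successful login. The account binding lives inside
# the signed payload, so a modified client cannot change it without the key.
def issue_token(secret, user_id:, account_id:, now: Time.now.to_i, ttl: 3600)
  body = b64url(JSON.generate({ uid: user_id, aid: account_id, exp: now + ttl }))
  "#{body}.#{sign(secret, body)}"
end

# Returns the claims hash, or nil for a missing, forged, malformed or expired token.
def verify_token(secret, token, now: Time.now.to_i)
  body, sig = token.to_s.split('.', 2)
  return nil unless body && sig
  return nil unless constant_time_equal?(sign(secret, body), sig)
  claims = JSON.parse(Base64.urlsafe_decode64(body))
  return nil unless claims.is_a?(Hash)
  return nil unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  claims
rescue ArgumentError, JSON::ParserError
  nil
end

# GET /projects/:id. The account comes from the verified token only; the URL,
# query string and request body are untrusted. Returns [status, body].
def handle_get_project(secret, headers, project_id, now: Time.now.to_i)
  token = headers.fetch('Authorization', '').delete_prefix('Bearer ')
  claims = verify_token(secret, token, now: now)
  return [401, { 'error' => 'unauthenticated' }] unless claims

  project = PROJECTS.find { |p| p[:id] == project_id && p[:account_id] == claims['aid'] }
  # 404 rather than 403: do not confirm that another account's ID exists.
  return [404, { 'error' => 'not found' }] unless project

  [200, project]
end

if __FILE__ == $PROGRAM_NAME
  t = issue_token(SERVER_SECRET, user_id: 'u_1', account_id: 'acct_e91b')
  h = { 'Authorization' => "Bearer #{t}" }
  p handle_get_project(SERVER_SECRET, h, 'p_7f3a9c') # own account: 200
  p handle_get_project(SERVER_SECRET, h, 'p_2b8d41') # other account's project: 404
end
```

The design choice this illustrates: the Ember code is never the security boundary. A user can edit the bundle, skip client-side route guards, or request any project ID they like, but the server only answers for rows whose `account_id` matches the account inside a token it signed itself, so the worst a tampered client can do is ask for data it is already entitled to.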