
Security Considerations

Here we learn how to mitigate security issues on both the client and server side.

A processed SIWStarkware message must be validated using standard libraries such as starknet.js. The @web3auth/sign-in-with-starkware npm package exposes a validate() function that makes this easy.

Fields with high significance from a security standpoint:

  1. nonce: To prevent replay attacks, a nonce should be selected with sufficient entropy for the use case, and the server should assert that the nonce matches the expected value. In some systems, the server and client may agree to use a nonce derived from a recent block hash or system time, reducing server interaction.

  2. domain: Wallets conforming to CAIP standards are able to check for (or even generate) correct domain bindings to prevent phishing attacks, i.e., that the website "example.org" is indeed securely serving the SIWStarkware message beginning with "example.org wants you to sign in with..."