Reputation: 3908
Security in backbone.js?
I'm new to the world of coffeescript (javascript). Currently building my first backbone.js app which communicates with a Rails backend over SSL.
Over the years I've been told many times over that "JavaScript security sucks, so perform all logic server-side if possible." I've got a handle on server-side security, but what about the client?
It's possible that some of my backbone models will contain information that users will wish to protect.
Update 1: In response to @Nupul, I wish to protect tuples of (integer, string, datetime). Nothing that could compromise any remote system.
Update 2: So the only thing to be aware of is to provide the same data to backbone that one would consider secure to provide in a js-free html view?
Upvotes: 6
Views: 3279
Answers (1)
Reputation: 129744
JavaScript security, in the sense you mean, doesn't just suck, it's literally impossible. You cannot trust code you run on the client. You'll need to structure your program in such a way that your server never sends information to a client's computer unless you want them to be able to see it.
Upvotes: 11
Related Questions
- How to secure Backbone.js
- backbone securityissues
- Backbone.js Template and View security
- Protecting Purely Client-Side Backbone Applications
- Backbone.js Security
- Requirejs, Backbone and security
- single page apps security issue
- How does backbone.js work with CoffeeScript?
- Backbone.js and user authentication
- Backbone.js and role based authorization/potential for client side hacks