About security and javascript



franklt69
22 Mar 2007, 2:26 PM
Hi, I have some doubts about how to implement security (access level) in an application using (ext, javascript).

This is the situation: I have 3 links (admin, staff, guess) in a right menu. Using the .NET approach based on components, on the server I can set, if the logged-in user doesn't have access to the admin link, something like this:
linkAdmin.Visible = false; then the ASP.NET framework sends the HTML to the client and the link linkAdmin doesn't appear in the HTML. To me that is good because a hacker doesn't know if this link exists.

Now with the JavaScript approach, I have to hide it in the client, but maybe a developer looks at the JS and can enable this link (I know I have to protect the app in client and server). My doubt is: which is the better approach to show/hide part of an application using ext (JavaScript)?

kind regards
Frank

Belgabor
22 Mar 2007, 3:43 PM
I read that you know that you cannot implement true security in JavaScript; whatever you do can only be "cosmetic".
Knowing that, you have to fully implement security on the server.
For the client side you basically have two options:
- Do not send content the user doesn't have access to
- Send it, but disable it using CSS or JavaScript

In my personal opinion you should do what you can code most effectively and least error-prone; that will give you the best security. Sometimes this could also, in regards to the two options I gave, be a mixed approach, like disabling the entries in the menu and removing critical JS code. But remember, the most important thing is strong security on the server; the client side is always suspicious.
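
The approach discussed in this thread, as an added example that is not part of the original posts: the server sends only the menu entries a role may use, and separately checks every request, so re-enabling a hidden link in the browser gains nothing. The role names, paths and function names are hypothetical, and the handler is a plain function standing in for a real server route.

```javascript
// Constructed example: roles, paths and menu items are hypothetical.
const MENU = [
  { text: 'Admin', href: '/admin', roles: ['admin'] },
  { text: 'Staff', href: '/staff', roles: ['admin', 'staff'] },
  { text: 'Guest', href: '/guest', roles: ['admin', 'staff', 'guest'] },
];

// Option 1 from the reply: only send the entries this role may use.
// The result is what the server would serialize as the client menu config;
// the roles list itself is stripped so it is never disclosed.
function menuFor(role) {
  return MENU.filter(item => item.roles.includes(role))
             .map(({ text, href }) => ({ text, href }));
}

// Server-side check run on every request, independent of what the
// client was sent. Unknown paths and unknown roles are denied by default.
function isAllowed(role, path) {
  const entry = MENU.find(
    item => path === item.href || path.startsWith(item.href + '/'));
  return Boolean(entry) && entry.roles.includes(role);
}

// Minimal request handler: session.role comes from the server-side session,
// never from a value supplied by the browser.
function handleRequest(session, path) {
  if (!session || !session.role) return { status: 401, body: 'login required' };
  if (!isAllowed(session.role, path)) return { status: 403, body: 'forbidden' };
  return { status: 200, body: `content for ${path}` };
}

// A guest who re-enables a hidden link in the browser still gets 403.
console.log(menuFor('guest'));
console.log(handleRequest({ role: 'guest' }, '/admin/users'));
console.log(handleRequest({ role: 'admin' }, '/admin/users'));
```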