View Poll Results: Are you using MVC part of ExtJS4 in your application?

Voters
58. You may not vote on this poll
  • Yes

    42 72.41%
  • No

    16 27.59%
  1. #21
    Sencha User
    Join Date
    Apr 2011
    Posts
    96
    Vote Rating
    3
    stimpy has a little shameless behaviour in the past

      0  

    Default


    I would like to hear someone who is in favor of JS MVC explain how you deal with security.

    If your controllers contain business logic and they are all JS then you have a security problem.

    Or are people backing their controllers with other (non extjs ) controllers ?

  2. #22
    Sencha User Tim Toady's Avatar
    Join Date
    Feb 2010
    Location
    Pennsylvania
    Posts
    536
    Vote Rating
    70
    Tim Toady is a jewel in the rough Tim Toady is a jewel in the rough Tim Toady is a jewel in the rough Tim Toady is a jewel in the rough

      3  

    Default


    Client-side Javascipt is inherently insecure. The server should always be responsible for security in a web application.

  3. #23
    Sencha Premium Member
    Join Date
    Apr 2008
    Posts
    246
    Vote Rating
    23
    themightychris will become famous soon enough themightychris will become famous soon enough

      1  

    Default


    I consider it acceptable for someone poking around in my javascript to break their instance of the application, so client-side security need only go as far as the app not breaking in normal use. The server must enforce correct access control and validation for all calls even if the client side also implements it. Any business logic in client-side JS is subject to inspecting and tampering, regardless of style or framework used, so treat it as just user-experience sugar on top of your secure API calls.
    Chief Architect @ Jarv.us Innovations
    Co-captain @ Code for Philly
    Co-founder @ Devnuts - Philadelphia Hackerspace