Is MVC really required?

**stimpy** · 8 Oct 2012 11:08 AM

I would like to hear someone who is in favor of JS MVC explain how you deal with security.

If your controllers contain business logic and they are all JS then you have a security problem.

Or are people backing their controllers with other (non extjs ) controllers ?

**Tim Toady** · 8 Oct 2012 11:17 AM

Client-side Javascipt is inherently insecure. The server should always be responsible for security in a web application.

**themightychris** · 14 Oct 2012 7:00 AM

I consider it acceptable for someone poking around in my javascript to break their instance of the application, so client-side security need only go as far as the app not breaking in normal use. The server must enforce correct access control and validation for all calls even if the client side also implements it. Any business logic in client-side JS is subject to inspecting and tampering, regardless of style or framework used, so treat it as just user-experience sugar on top of your secure API calls.

View Poll Results: Are you using MVC part of ExtJS4 in your application?

Is MVC really required?

Thread Tools

Search Thread

Display

Tags for this Thread