View Poll Results: Are you using MVC part of ExtJS4 in your application?

Voters
59. You may not vote on this poll
  • Yes

    42 71.19%
  • No

    17 28.81%
  1. #21
    Sencha User
    Join Date
    Apr 2011
    Posts
    96
    Vote Rating
    3
    stimpy has a little shameless behaviour in the past

      0  

    Default


    I would like to hear someone who is in favor of JS MVC explain how you deal with security.

    If your controllers contain business logic and they are all JS then you have a security problem.

    Or are people backing their controllers with other (non extjs ) controllers ?

  2. #22
    Sencha User Tim Toady's Avatar
    Join Date
    Feb 2010
    Location
    Pennsylvania
    Posts
    570
    Vote Rating
    175
    Tim Toady is a splendid one to behold Tim Toady is a splendid one to behold Tim Toady is a splendid one to behold Tim Toady is a splendid one to behold Tim Toady is a splendid one to behold Tim Toady is a splendid one to behold Tim Toady is a splendid one to behold

      3  

    Default


    Client-side Javascipt is inherently insecure. The server should always be responsible for security in a web application.

  3. #23
    Sencha Premium Member
    Join Date
    Apr 2008
    Posts
    266
    Vote Rating
    28
    themightychris has a spectacular aura about themightychris has a spectacular aura about

      1  

    Default


    I consider it acceptable for someone poking around in my javascript to break their instance of the application, so client-side security need only go as far as the app not breaking in normal use. The server must enforce correct access control and validation for all calls even if the client side also implements it. Any business logic in client-side JS is subject to inspecting and tampering, regardless of style or framework used, so treat it as just user-experience sugar on top of your secure API calls.
    Chief Architect @ Jarv.us Innovations
    Co-captain @ Code for Philly

    Jarvus builds and optimizes top-quality Sencha Touch and ExtJS apps for open-source projects and clients of all sizes.

    Don't waste time with bugs that have already been found and fixed by the community, compile our tried and tested hotfixes packages into all your projects: https://github.com/JarvusInnovations/sencha-hotfixes