
javascript - Backbone.js Security - Stack Overflow


i am learning Backbone.js at the moment, so sorry if my question is nooby :-P

in my program i check my data at server-side to be correct and etc ... but i was wondering what will happen if users change the data stored in models using Console in FireBug for example and try .save() or .fetch().

is there any way to stop such actions ?

considering all my data is going to be stored in models and can be easily retrieved by users i am not really comfortable using backbone.js, is it just me or is there something wrong here ?!

asked Jun 14, 2012 at 10:47 by Salman A
  • No you can't stop anything on client side (backbone or not), validate data on server side. – Esailija Commented Jun 14, 2012 at 10:49

3 Answers

A simple and safe way is to include the user credentials (username and password) in your model and check them on the server side on each AJAX call.

To avoid so many database requests, you can also generate an associative array of id => serial key for each logged-in user on the server side and return it by fetch() during the auth process, then check that the id and the serial key you generated match on each AJAX call.

> but i was wondering what will happen if users change the data stored in models using Console in FireBug for example and try .save() or .fetch().

Then the edited data would be submitted to the server.

> is there any way to stop such actions ?

No, you just have to deal with them in the same way that you deal with any request: Perform authentication/authorization to make sure that the user making the request is allowed to do so.

> considering all my data is going to be stored in models and can be easily retrieved by users i am not really comfortable using backbone.js

Then don't use it.

But don't be paranoid about keeping data secret if it is stuff you would display to the user if you weren't using a client-side framework like Backbone.

> considering all my data is going to be stored in models and can be easily retrieved by users i am not really comfortable using backbone.js, is it just me or is there something wrong here ?!

You aren't doing anything wrong, but not using Backbone won't make your site any more secure. Even if you are not using Backbone, I can fire up the console while on your site and make any ajax request I want to your server. If I wanted to take it further, I could build an application that makes any request I want.

No real security can be implemented client-side. That is the server's responsibility regardless of whether or not you are using something like Backbone.
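
As an added example (not part of the original question or answers), here is one way the server-side check described above can look for a Backbone `model.save()`, which sends the model's attributes to the server as JSON. The names `handleSave`, `EDITABLE` and `makeStore` are hypothetical, and the sample record is constructed for illustration.

```javascript
// Added example: server-side handling of a Backbone model.save() request body.
// Fields the client is allowed to change, each with its own validator (hypothetical schema).
const EDITABLE = {
  title: v => typeof v === 'string' && v.length > 0 && v.length <= 100,
  quantity: v => Number.isInteger(v) && v >= 1 && v <= 99,
};

// Constructed sample data standing in for a database table.
function makeStore() {
  return new Map([[1, { id: 1, ownerId: 'alice', title: 'Book', quantity: 1, price: 20 }]]);
}

// session: what the server established at login (never read from the request body).
// body: JSON sent by the browser; any field may have been edited in the console.
function handleSave(session, id, body, store) {
  if (!session || !session.userId) return { status: 401, error: 'not authenticated' };
  if (body === null || typeof body !== 'object') return { status: 400, error: 'bad body' };
  const record = store.get(id);
  if (!record) return { status: 404, error: 'not found' };
  // Authorization compares against the stored owner, not body.ownerId.
  if (record.ownerId !== session.userId) return { status: 403, error: 'forbidden' };

  const changes = {};
  for (const [field, isValid] of Object.entries(EDITABLE)) {
    if (!Object.prototype.hasOwnProperty.call(body, field)) continue;
    if (!isValid(body[field])) return { status: 422, error: `invalid ${field}` };
    changes[field] = body[field];
  }
  // Anything outside EDITABLE (id, ownerId, price, ...) is silently ignored.
  Object.assign(record, changes);
  return { status: 200, model: { ...record } };
}

// Demo: a model whose price and quantity were edited in the console before save().
const demoStore = makeStore();
const tampered = { id: 1, ownerId: 'alice', title: 'Book', quantity: 2, price: 0 };
console.log(handleSave({ userId: 'alice' }, 1, tampered, demoStore));
console.log(handleSave({ userId: 'bob' }, 1, { ownerId: 'bob', quantity: 5 }, demoStore));
```

The response returns the stored record, so a Backbone client that applies the server's reply ends up with the server's values rather than the edited ones.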
