Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Backbone.js Security

Tags:

javascript

security

backbone.js

i am learning Backbone.js at the moment, so sorry if my question is nooby :-P

in my program i check my data at server-side to be correct and etc ... but i was wondering what will happen if users change the data stored in models using Console in FireBug for example and try .save() or .fetch().

is there any way to stop such actions ?

considering all my data is going to be stored in models and can be easily retrieved by users i am not really comfortable using backbone.js, is it just me or is there something wrong here ?!

like image 918
Salman A Avatar asked Jun 14 '12 10:06

Salman A

3 Answers

A simple and safety way is to include the user credentials (username and password) into your model and check it on the server side to each AJAX calls.

To avoid so much bdd requets, you can also generate an associated array of id => serial key to each logged user on the server side and return it by fetch() during the auth proccess, then, check if the id and the serial key you generated match to each AJAX calls.

like image 187
Ludo Avatar answered Oct 17 '22 00:10

Ludo

but i was wondering what will happen if users change the data stored in models using Console in FireBug for example and try .save() or .fetch().

Then the edited data would be submitted to the server

is there any way to stop such actions ?

No, you just have to deal with them in the same way that you deal with any request: Perform authentication/authorization to make sure that the user making the request is allowed to do so.

considering all my data is going to be stored in models and can be easily retrieved by users i am not really comfortable using backbone.js

Then don't use it.

But don't be paranoid about keeping data secret if it is stuff you would display to the user if you weren't using a client side framework like backbond.

like image 6
Quentin Avatar answered Oct 17 '22 00:10

Quentin

considering all my data is going to be stored in models and can be easily retrieved by users i am not really comfortable using backbone.js, is it just me or is there something wrong here ?!

You aren't doing anything wrong, but not using Backbone won't make your site any more secure. Even if you are not using Backbone, I can fire up the console while on your site and make any ajax request I want to your server. If I wanted to take it further, I could build an application that makes any request I want.

No real security can be implemented client-side. That is the server's responsibility regardless of whether or not you are using something like Backbone.

like image 6
Blake B Avatar answered Oct 17 '22 00:10

Blake B
Sign in to Comment

Related questions

What's the difference between document.getElementById("test").value and document.getElementById("test").innerHTML
If cookie does not exist alert and redirect
Access UI from JavaScript on Android
Self-executing function syntax and callback syntax explained
How to display highchart y axis with constistant data
Is it possible to access a MySQL database straight from Javascript
SECURITY_ERR: DOM Exception 18 when applying document.domain on both sites. How do I resolve this?
Duplicate Pinterest Facebook invite functionality
My node.js https client always works regardless of certificate validity
What's the difference between Raphael and gRaphael?
How to Access Array response of AJAX
knockoutjs ObservableArrays and sort function: UI is not updated
jquery/backbone/mustache/json rendering html as text string
Can I pass multiple checkbox values with one name?
delete last row in table
show HTML in alert window same like iframe?
Reformat string containing uk postcode using regex
Getting img.src value (path name)
JavaScript network visualization?
How to get three month ago date in javascript in the format as YYYYDDMM efficiently

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!