Security Backbone.js

I am studying Backbone.js at the moment, so sorry if my question is nooby :-P

In my program, I check my data on the server side to be correct, etc., but I was wondering what would happen if users change the data stored in the models using the console in FireBug, for example, and try using .save() or .fetch().

Is there any way to stop such actions?

Considering that all my data will be stored in models and can be easily received by users, it’s not very convenient for me to use backbone.js; is it just me or is there something wrong here?!

+6
3 answers

A simple and safe way is to include user credentials (username and password) in your model and check it on the server side for every AJAX call.

To avoid so many database requests, you can also generate an associated id => serial key array for each registered user on the server side, return it with fetch() during the auth process, and then check on each AJAX call that the identifier and the serial key match the pair you created.

+6

but I was wondering what would happen if users modify the data stored in models using Console in FireBug, for example, and try using .save() or .fetch().

Then the edited data will be sent to the server.

Is there any way to stop such actions?

No, you just need to deal with them just like with any request: perform authentication / authorization to make sure that the user making the request can do this.

considering that all my data will be stored in models and can be easily downloaded by users, it’s not very convenient for me to use backbone.js

Then do not use it.

But do not get paranoid about keeping data private if it is material that you would display to the user anyway, even if you were not using a client-side framework such as Backbone.

+6

considering that all my data will be stored in models and can be easily received by users, it’s not very convenient for me to use backbone.js, is it just me or is there something wrong here?!

You are not doing anything wrong, but not using Backbone will not make your site more secure. Even if you are not using Backbone, I can run the console on your site and make any ajax request that I want to your server. If I wanted to take it further, I could create an application that makes any request that I want.

No real security can be implemented on the client side. This is the server’s responsibility, regardless of whether you use something like Backbone.

+5
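
The point the last two answers make (authenticate and authorize every request on the server), as an added example that is not part of the original thread: a server-side handler for the PUT that model.save() sends, which takes the user from the session, checks ownership against the stored record and copies only allow-listed fields. The names handleSave, EDITABLE and the note fields are hypothetical, and the in-memory Map stands in for a database.

```javascript
// Constructed example: server-side handling of the PUT that Backbone's
// model.save() sends. All names here are hypothetical; the Map stands in
// for a real database.
const notes = new Map([
  [1, { id: 1, ownerId: 'alice', title: 'Groceries', body: 'milk', isAdmin: false }],
]);

// Only these attributes may be changed by a client request.
const EDITABLE = { title: 200, body: 5000 }; // field -> max length

// sessionUser comes from the server-side session, never from the request body.
function handleSave(sessionUser, urlId, payload) {
  if (!sessionUser) return { status: 401, error: 'not authenticated' };
  const stored = notes.get(Number(urlId));
  if (!stored) return { status: 404, error: 'not found' };
  // Authorization uses the stored owner, not payload.ownerId.
  if (stored.ownerId !== sessionUser) return { status: 403, error: 'forbidden' };
  if (payload === null || typeof payload !== 'object' || Array.isArray(payload))
    return { status: 400, error: 'body must be a JSON object' };

  const changes = {};
  for (const [field, maxLen] of Object.entries(EDITABLE)) {
    if (!Object.prototype.hasOwnProperty.call(payload, field)) continue;
    const value = payload[field];
    if (typeof value !== 'string' || value.length > maxLen)
      return { status: 422, error: `invalid ${field}` };
    changes[field] = value;
  }
  // id, ownerId, isAdmin and anything else in the payload are ignored.
  const updated = { ...stored, ...changes };
  notes.set(stored.id, updated);
  return { status: 200, body: updated };
}

// Constructed request bodies: what a model could contain after being edited
// in the browser console before .save() is called.
const tampered = { id: 1, ownerId: 'mallory', isAdmin: true, title: 'Edited', body: 'milk' };
console.log(handleSave('mallory', 1, tampered)); // another user's session
console.log(handleSave('alice', 1, tampered));   // the owner's session
console.log(handleSave('alice', 1, { title: 42 })); // wrong type for title
```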

Source: https://habr.com/ru/post/918083/

