[TYPO3-50-general] FLUID and ExtJS (or other widget frameworks)
Timo A. Hummel
privat at timohummel.com
Wed Apr 15 22:18:11 CEST 2009
> Does more data travel to the client then he is allowed to view/edit
> (besides the data needed to perform the tasks required by the UI and the
> server interaction)? This is what I'm worried about when I hear that
> logic is shifted from the server to the client. The client is not to be
> trusted.
>
Thats the most difficult decision in designing such systems. How much
data do you expose to the client, and what do you do to avoid abuse? Of
course, a good security model on the service layer is a must, but still
one needs to think about which data to expose very well. I don't know
how signed applications for Adobe AIR might make the situation easier,
but you never know what will happen at the client, unless there's some
way to digitally sign JS scripts on the client.
cheers,
Timo
More information about the TYPO3-project-5_0-general
mailing list