I’m new to the world of coffeescript (javascript). Currently building my first backbone.js app which communicates with a Rails backend over SSL.
Over the years I’ve been told many times over that “JavaScript security sucks, so perform all logic server-side if possible.” I’ve got a handle on server-side security, but what about the client?
It’s possible that some of my backbone models will contain information that users will wish to protect.
Update 1: In response to @Nupul, I wish to protect tuples of (integer, string, datetime). Nothing that could compromise any remote system.
Update 2: So the only thing to be aware of is to provide the same data to backbone that one would consider secure to provide in a js-free html view?
JavaScript security, in the sense you mean, doesn’t just suck, it’s literally impossible. You cannot trust code you run on the client. You’ll need to structure your program in such a way that your server never sends information to a client’s computer unless you want them to be able to see it.