I am learning Backbone.js at the moment, so sorry if my question is nooby :-P
In my program I check my data server-side to be correct, etc., but I was wondering what will happen if users change the data stored in models using the console in Firebug, for example, and try .save() or .fetch().
Is there any way to stop such actions?
Considering all my data is going to be stored in models and can be easily retrieved by users, I am not really comfortable using Backbone.js. Is it just me, or is there something wrong here?!
A simple and safe way is to include the user credentials (username and password) in your model and check them on the server side on each AJAX call.
To avoid so many database requests, you can also generate an associative array of id => serial key for each logged-in user on the server side and return it by fetch() during the auth process; then check that the id and the serial key you generated match on each AJAX call.
> but I was wondering what will happen if users change the data stored in models using the console in Firebug, for example, and try .save() or .fetch().
Then the edited data would be submitted to the server
> Is there any way to stop such actions?
No, you just have to deal with them in the same way that you deal with any request: Perform authentication/authorization to make sure that the user making the request is allowed to do so.
> Considering all my data is going to be stored in models and can be easily retrieved by users, I am not really comfortable using Backbone.js
Then don't use it.
But don't be paranoid about keeping data secret if it is stuff you would display to the user if you weren't using a client-side framework like Backbone.
> Considering all my data is going to be stored in models and can be easily retrieved by users, I am not really comfortable using Backbone.js. Is it just me, or is there something wrong here?!
You aren't doing anything wrong, but not using Backbone won't make your site any more secure. Even if you are not using Backbone, I can fire up the console while on your site and make any ajax request I want to your server. If I wanted to take it further, I could build an application that makes any request I want.
No real security can be implemented client-side. That is the server's responsibility regardless of whether or not you are using something like Backbone.
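The server-side handling the answers above describe, as an added example that is not part of any answer: a handler for the PUT that Backbone's model.save() sends, treating every submitted attribute as untrusted. The `notes` store, the session tokens and the `handleSave` name are hypothetical, and the sample data is constructed.

```javascript
// Constructed sample data standing in for a database and a session store.
const notes = new Map([
  [1, { id: 1, ownerId: 'alice', title: 'Groceries', done: false }],
  [2, { id: 2, ownerId: 'bob', title: 'Bob private', done: false }],
]);
const sessions = new Map([['sess-alice', { userId: 'alice' }]]);

// Only these attributes may be changed by a client, each with its validator.
// id and ownerId are deliberately absent: the server owns them.
const EDITABLE = {
  title: v => typeof v === 'string' && v.length > 0 && v.length <= 100,
  done: v => typeof v === 'boolean',
};

// Handles what model.save() sends for an existing model: PUT /notes/:id with
// the model's full attribute hash as JSON. Everything in `body` may have been
// edited in the browser console before the request was made.
function handleSave(sessionToken, id, body) {
  // Authentication: identity comes from the server-side session only.
  const session = sessions.get(sessionToken);
  if (!session) return { status: 401, error: 'not authenticated' };

  const record = notes.get(id);
  if (!record) return { status: 404, error: 'not found' };

  // Authorization: compare against the stored owner, never a submitted one.
  if (record.ownerId !== session.userId) {
    return { status: 403, error: 'forbidden' };
  }
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { status: 400, error: 'expected a JSON object' };
  }

  // Validate every editable field before applying any of them.
  const changes = {};
  for (const [key, isValid] of Object.entries(EDITABLE)) {
    if (!Object.prototype.hasOwnProperty.call(body, key)) continue;
    if (!isValid(body[key])) return { status: 422, error: `invalid ${key}` };
    changes[key] = body[key];
  }
  Object.assign(record, changes); // unknown or protected keys are dropped
  return { status: 200, body: { ...record } };
}
```

A model tampered with in the console can still be saved, but the request only succeeds for records the session's user owns, and only the whitelisted, validated fields are written.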