Ask HN: JS-heavy apps revealing business logic on frontend?

3 points by adyus ↗ HN
I'd like a better informed opinion on this, but with the torrent of JS-heavy frontend web apps these days, isn't there a risk of revealing some potentially compromising security flaws if someone simply opens up the downloaded .js file and studies it carefully? Wouldn't it make more sense to tuck away all the meat of the app in the backend and only use frontend JS for UX/UI updates?

3 comments

[ 4.4 ms ] story [ 20.4 ms ] thread
The same rules still apply no matter how much code is in the front end: Never trust the client.
Indeed, for callbacks and such I find it good to just think of the web browser as just another web service client calling an API: that's where you draw your line of trust (your own code running in your own environment).
That's actually a great way to begin building a system: consider the browser as another API client. It's sort of the Twitter way, I guess.