node.js - Client Side JavaScript and database interaction
I have been working on a large project for 4 months. I have a "lead" question.
The rules of the project (from a customer who has no background in IT) are:
- Only JavaScript is used (Kendo UI package for CRUD).
- It is "secured" by SSO - ADFSv2/ACS.
- It must use OData to interact with the database.
Please correct me if I'm wrong, but does this not mean:
- a. It is insecure (after the initial login).
- b. How can Kendo handle database interaction (correctly) if it must update multiple tables?
There is a programmer working on a similar project, using a Node.js web app that interacts with the database. Doesn't that suffer from a similar issue? How does client-side CRUD work securely and accurately?
Correct me if I'm wrong, but you seem to think that JavaScript directly accesses the database.
From what I see, JavaScript is used to manage the UI, and to contact (with AJAX?) the server to update/create/delete entities.
It isn't insecure; developers must ensure that the user's requested action is permitted (on the server side).
Example: a delete is requested with the URL https://myserver/myapp/person/1, and the user can modify the URL to https://myserver/myapp/person/6 or https://myserver/myapp/work/1.
You must verify that the user can delete the person with id=6, or the work with id=1.
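
The server-side check described in the answer above, as an added example that is not part of the original post. The in-memory `store`, the session object and `handleDelete` are hypothetical names, and the records are constructed sample data standing in for the real database.

```javascript
// Added example: server-side permission check for DELETE /myapp/<type>/<id>.
// `store`, the session shape and handleDelete() are hypothetical.
const store = {                       // constructed sample data
  person: new Map([[1, { ownerId: 'alice' }], [6, { ownerId: 'bob' }]]),
  work: new Map([[1, { ownerId: 'bob' }]]),
};

// Returns the HTTP status the server should answer with.
// `session` must come from the server-side SSO session, never from
// anything the browser can set freely (URL, body, hidden form field).
function handleDelete(session, path, db = store) {
  if (!session || !session.userId) return 401;        // not logged in

  const m = /^\/myapp\/([a-z]+)\/(\d+)$/.exec(path);
  if (!m) return 400;                                 // malformed path

  const [, type, idText] = m;
  // Only known entity types; own-property check keeps names such as
  // "constructor" from resolving to inherited object members.
  if (!Object.prototype.hasOwnProperty.call(db, type)) return 404;

  const table = db[type];
  const id = Number(idText);
  const record = table.get(id);
  if (!record) return 404;                            // nothing to delete

  // The check the answer asks for: may THIS user delete THIS record?
  if (record.ownerId !== session.userId) return 403;

  table.delete(id);
  return 204;
}
```

The same check applies to every OData or AJAX endpoint the UI calls; hiding a button in the Kendo UI grid does not replace it.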