I have not used any of these. But I am wondering how I would most efficiently implement admin Views/Screens with them, mostly from a security perspective, to not leak internals.
Serverside: (PHP/Java/Ruby/Python...)
It's quite easy and very secure to conditionally output form elements that are only available in the administration views.
Clientside (Ember/Angular/Meteor...):
I could conditionally check the Role/Permission on the client side and render the screens accordingly. But it will always leak internal information (someone can get a very good understanding of what internal features my application offers for administrators by looking at the source). (Of course I have to do a validation on the server side too!)
How is this solved?
Is the common practice to recode the administration views and have two interfaces, leading to code duplication? Or what are common practices to solve this?