← Back to context

Comment by dylan604

3 months ago

That's not what I said nor meant, but sure, jump to that conclusion.

You wouldn't run a shopping cart app where the item counts and totals were calculated client-side. You get the item id and quantity, and have the server do that. Just like if you were censoring something, you wouldn't send the client the unredacted data and then let the UI make the edits.

No obfuscation is needed for any of that. Open web has nothing to do with any of this

7 comments

dylan604

Reply
stevage  3 months ago

Sometimes you do calculate prices client side. But you double check them server side.

  • dylan604  3 months ago

    That just feels like a "you're holding it wrong" type of thing, especially seeing how JS is held in such high regard for its floating point math accuracy.

DonHopkins  3 months ago

Jesus, you sound like the X11 fanatics I used to debate with about NeWS, long before anyone had envisioned Google Maps or coined the term AJAX for what we'd been doing with PostScript since the 1980's.

The NeWS window system was like AJAX, but with: 1) PostScript code instead of JavaScript code 2) PostScript graphics instead of DHTML graphics, and 3) PostScript data instead of XML data.

https://en.wikipedia.org/wiki/NeWS

NeWS – Network Extensible Window System (wikipedia.org) 86 points by stevewilhelm on April 12, 2016 | hide | past | favorite | 76 comments

https://donhopkins.medium.com/the-story-of-sun-microsystems-...

Computers and networks are fast enough (especially now 35 years later) that it's ok to perform input validation twice, once in the front-end to make the user experience tolerably fast, and again in the back-end to prevent fraud. This is not rocket science, nor a new idea! It also helps if the client and server are implemented in the same language (i.e. JavaScript today), so you can use the exact same code and data for modeling and validation on both ends.