开发者

Tip on building a role-based security module for rich user interfaces (Using Extensive Javascript/JQuery)?

These days, building rich user interfaces for your application is very essential and im a fan of slick and easy to use interfaces.

Today, we have sliding panels, hiding html elements, timelines ... All these use javascript/JQuery. Sometimes when used in a role-based security application. One sometimes need to enable or disable access to a very small unit of the application, like a panel within a list of panels with not disrupting the client script from executing.

What tips can one following while building a role-based security module that would be robust to take care of todays rich user interface?

This question applies to the .NET platform.

Update:

I know it is not wise to rely on security from the client side. What i really want to know is how you can use the server side and the client sides' ability to manipulate DOM elements to build a real role-based开发者_C百科 security module for a flexible and rich user interface.


Because anyone can access, via a debugger like Firebug, for instance, the DOM in the browser and modify data, you can't really depend on enforcing security on the client-side. You can certainly, on the server, render only those interface components available to the role and restrict access to the methods/actions invoked by client-side javascript or via post/get. In this way, you can make only those actions available based on the role exposed in your client-side code, though a user could still hand-craft the requests if they knew what functions were available. The best way to think about this, I think, is to use javascript, etc. to enhance your user interface, perhaps making more interface elements available, but to rely on the server components to enforce security. At best you can use javascript to hide functionality on the client, but I wouldn't rely on this to enforce security.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜