
The Dreamcode as described here: http://nobackend.org/dreamcode.html

That developers don't have to worry about the backend when developing web applications is very interesting. However, I have a few questions on building application logic in the front-end.

The question is, even with authentication being processed in the backend:

  • What are the ways to make the app logic obfuscated and not easily copied?
  • For the application models, it is easy for a server to receive them. However, looking at the Store and Public Store idea from Dreamcode, how can we handle fields that are not meant to be sent back to the front-end for security purposes?

For example, this Gist shows how to get an object by id:

// find one object
var type = 'note';
var id = 'abc4567';
store.find(type, id)
.done(function (object) {}); 

The issue here is, for example, I have an application where a guest user can post a document and edit it later with a password. A guest user saves a document with an encrypted password in it.

When other users "view" the document from the front-end application, the Dreamcode data store will return all the fields for this document object (based on the Dreamcode specification), including the encrypted password, which is not good.

So how can we deal with making a Front-end application with Dreamcode with these potential limitations?

quarks

Presumably the password encryption isn't trivial enough that having the encrypted password is useful. If you look, for example, at the comments on the user data example, you'll see what their original idea for dreamcode was, which doesn't sound like what you actually want: https://gist.github.com/gr2m/5463475 As it stands, I'm not sure this question is a good fit for SO; I don't think you *do* deal with making a front-end application *of the kind you want* with this particular "noBackend" implementation. – Dave Newton Jan 02 '15 at 08:30
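
An added example, not part of the original question or of Dreamcode: one way a server behind a `store.find`-style API can keep the password material out of every response, by serializing through a per-type allowlist and checking the edit password on the server. It assumes a Node.js backend and that the stored "encrypted password" is a salted scrypt hash; all names (`PUBLIC_FIELDS`, `WRITABLE_FIELDS`, `findPublic`, `updateAsGuest`) are hypothetical.

```javascript
// Added example; every name here is hypothetical, not part of Dreamcode.
const crypto = require('crypto');

// Allowlists: what any client may read, and what an editor may change.
const PUBLIC_FIELDS = { note: ['id', 'title', 'body'] };
const WRITABLE_FIELDS = { note: ['title', 'body'] };

function fieldsFor(table, type) {
  if (!Object.hasOwn(table, type)) throw new Error('unknown type: ' + type); // fail closed
  return table[type];
}

// Copy only the named fields, so a field added to the record later stays private by default.
function pick(record, fields) {
  const out = {};
  for (const f of fields) if (Object.hasOwn(record, f)) out[f] = record[f];
  return out;
}

function toPublic(type, record) {
  return pick(record, fieldsFor(PUBLIC_FIELDS, type));
}

// What a store.find(type, id) request from a browser would be served.
function findPublic(db, type, id) {
  const record = db.get(type + '/' + id);
  return record ? toPublic(type, record) : null;
}

// The password check runs on the server; the hash is compared, never returned.
function updateAsGuest(db, type, id, password, changes) {
  const record = db.get(type + '/' + id);
  if (!record) return null;
  const candidate = crypto.scryptSync(password, record.salt, 32);
  if (!crypto.timingSafeEqual(candidate, record.passwordHash)) throw new Error('forbidden');
  // Ignore attempts to overwrite id, salt or passwordHash through the change set.
  Object.assign(record, pick(changes, fieldsFor(WRITABLE_FIELDS, type)));
  return toPublic(type, record);
}

// Constructed sample record, stored the way the guest's save would leave it.
const salt = crypto.randomBytes(16);
const db = new Map([['note/abc4567', {
  id: 'abc4567', title: 'Draft', body: 'hello',
  salt, passwordHash: crypto.scryptSync('guest-secret', salt, 32),
}]]);

console.log(findPublic(db, 'note', 'abc4567')); // id, title and body only
```

Because the response is built from an allowlist rather than by deleting known-sensitive keys, a new private field added to the record later is withheld until someone deliberately exposes it.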

0 Answers