breeze.js security and granularity

Asked Aug 02 '14 at 13:33

Active Aug 02 '14 at 13:33

Viewed 134 times

(in process of selecting a "today's" stack technology for learning them) (I do not know well today's technology)

In Breeze.js (MongoDB and MariaDB),

1) Can we define security granularity so the user can not see records that are not related to them? (such as THEIR orders,THEIR profile, etc.) (I suppose we can do a test on the query, but I mean really impossible to bypass?)

2) For production business proof security, are these tests enough, or better have another layer on the stack to handle login and security? (such as Dreamfactory, or other you may suggest)

Thanks, Marc

asked Aug 02 '14 at 13:33

EMHmark7

Breeze.js is a client-side JavaScript technology. You should never use client-side logic to prevent a user from accessing certain records nor providing any security related business logic. Always fool-proof your API or server logic to prevent these scenarios and use the client-side logic only for improving usability. – PW Kad Aug 04 '14 at 01:19

breeze.js security and granularity

0 Answers0