[adamconroy]

Somewhat off topic, but how do single page apps deal with people hacking the JS? For example, if as a particular user I am only allowed to perform certain functions within the app, and that functionality is contained in the JS, then it doesn't seem like it would be very hard to modify the JS to enable the functionality I shoudn't be allowed to use.

[ailox]

Usually the functionality of the app exists in the backend, which would be server side. No matter what you do on the frontend, there should be no way for you to trigger actions in the backend you were not authorized to perform.