by andrewstuart2 4166 days ago
A castle with no gate is also more secure. And kind of useless for its inhabitants. Like being under siege all the time.

My point being, sure you can get a more secure `something` by making it more and more static, but you'll probably cripple it somehow.

It's simply a balance you have to find for your use case.

2 comments

There are castles with no gates.

I think the problem is that current dynamic websites are sort of crippled already. Right now even a simple shopping app requires a UI based on HTML + web. Not a chance to use the command line, some automated devices etc... In the future we might see radically simplified protocols/webservices for more universal access.

I hear what you're saying, but it doesn't have to be so.

All of the web apps I make at work are all javascript in a page apps. But before I start doing any of that, I make a REST API. 100% of the interaction between javascript and the web server is REST.

There are many reasons for this, but a key one is that it allows easy command-line or programmatic interaction. Much easier than with traditional, server-generated web apps.

Same here. Increasingly, products I work on do almost no server-side templating; frontend templates call REST services that I can test with curl, Postman, or other tools.

Are there any downsides to this design?

Not really, you can achieve this using Rails (or a Rails-like thing like Play) very easily and use their built-in CSRF, SSL, etc. but this type of design also makes it easy to build from scratch (which may lead you down the path of reinventing things).

SPA + restful endpoints makes it easy to pick a library centric approach vs. a framework approach but it certainly does not preclude you from using a framework.

I guess people who disable javascript don't get to use your site...but I don't really care about that segment of the population.

I've also found it easier to secure my apps. The attack surface seems to be much smaller.

> There are castles with no gates.

Like, real castles?

Yes. Some towers in Ireland have an entrance on the 3rd floor. And the Meteora monasteries are built on top of rocks, with only crane access.

OTOH I'd say currently the balance is heavily skewed to needless dynamism. You cannot get some trivial page without JS enabled and god only knows what's going on on the server.