| |
|
|
JavaScript is in plain view to the user with by selecting view source of the
page. JavaScript can not access the local filesystem without the user's
permission. An AJAX interaction can only be made with the servers-side
component from which the page was loaded. A proxy pattern could be used for
AJAX interactions with external services. You need to be careful not to expose
your application model in such as way that your server-side components are at
risk if a nefarious user to reverse engineer your application. As with any
other web application, consider using HTTPS to secure the connection when
confidential information is being exchanged.
|
|