In case you hadn’t noticed, I’m very excited about Service Workers. It’s doubly exciting to see the efforts the Chrome on Android team are making to make the web a first-class citizen.
The web on my phone
Jeremy Keith
312

You can never trust the client, whether the client is a web browser or a mobile device. The client can always be corrupted and altered in an attempt to compromise transactions.

To me this means that I put my business logic and verification on the server. With the server I can lock down access and I have a higher confidence that my code has not been corrupted.

With this in mind, I don’t see how the web can be a “first-class citizen”. Web clients should always be treated as untrusted partners who may have been corrupted.

Web security is really, really hard. The more a client application diverges from the purpose of presentation, interaction and visualization, the more chance there is that it will be compromised.

Show your support

Clapping shows how much you appreciated nderground’s story.