JavaScript

Matt Berry
8,400 Points

Front vs. Back End

Is there a convention for deciding if a task should be performed in the front or back end of a website? A simple example: If you want to convert a string to a number, you could use .to_i in Ruby or parseInt() in JavaScript.
Something this simple probably does not matter, but I'd appreciate an explanation that I could apply to more complicated scenarios. Thank you!

1 Answer

I'll give this a shot.

The front end is what the user experiences. It is a display of state, or a presentation of data as honey. We want the front end looking as slick and gorgeous as possible to attract the most users and keep them for as long as possible.

Changes to this state are sent to the server for validation and responded to with new data from the database - thus, updating or changing the state of the client. Client side validation is a convenience for the user, but not a substitute for server side validation. By using scripts to validate on the client, you can reduce the number of HTTP requests to your server.

However, you will always need server side validation because, as a general rule, you can never trust user input. User input may be wrong as a result of mistakes, or wrong as a result of trying to execute arbitrary code and get a full dump of your SQL database.

To recap, parseInt can be used on the client for convenience to both you and the user, but it must be used on the server to protect against unauthorized access to your database. parseInt is just an example, but the broader question is about validation, which I hope is now more clear.
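
An added example, not part of the original answer: a server-side check (Node.js) for a numeric field, showing why the server re-validates whatever the client sent and why `parseInt` on its own is too lenient for that job. The field name `quantity`, the function names and the 1 to 1000 range are assumptions made for illustration.

```javascript
// Added example: server-side validation of an integer field (names are hypothetical).
const MIN_QTY = 1;
const MAX_QTY = 1000;

// Validate an untrusted "quantity" value as received by the server.
// Returns { ok: true, value } or { ok: false, error }.
function validateQuantity(raw) {
  // Query-string and JSON parsers can deliver arrays, objects or numbers,
  // so check the type before touching the contents.
  if (typeof raw !== "string") {
    return { ok: false, error: "quantity must be a string of digits" };
  }
  const trimmed = raw.trim();
  // parseInt alone is too lenient: parseInt("12abc") === 12 and
  // parseInt("0x1A") === 26, so require the whole value to be decimal digits.
  if (!/^[0-9]{1,4}$/.test(trimmed)) {
    return { ok: false, error: "quantity must contain only digits" };
  }
  const value = Number.parseInt(trimmed, 10);
  if (value < MIN_QTY || value > MAX_QTY) {
    return { ok: false, error: `quantity must be between ${MIN_QTY} and ${MAX_QTY}` };
  }
  return { ok: true, value };
}

// Constructed sample inputs, as a server might receive them when the
// client-side check is skipped or the request is sent by hand.
const samples = ["42", " 7 ", "12abc", "0x1A", "1 OR 1=1", "", "5000", ["3"], 3];

function runSamples() {
  return samples.map((raw) => ({ raw, result: validateQuantity(raw) }));
}

for (const { raw, result } of runSamples()) {
  console.log(JSON.stringify(raw), "->", JSON.stringify(result));
}
```

Validation narrows what the server accepts; the resulting integer should still reach the database through a parameterized query rather than string concatenation.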