Hello,
I am learning OutSystems and I am really confused about what logic to use on the server side and what logic to use on the client side, as there are many security problems on the client side. Is there any doc regarding all the step-by-step logic which can be used on the client side and all the logic, step by step, on the server side as well?
Thanks,
Kapil
Hi Kapil,
As a rule of thumb, try to expose the least amount of data to the client.
Whatever client side validation you do, execute it server side as well. The only reason you do it client side is for a smoother user experience.
Always do role validation server side to ensure that a server action is only executed if the user has the correct role.
Always use GetUserId() in aggregates, which are executed server side.
Limit your client side logic to handle user interaction and the minimum amount of business logic you need to execute client side for a smoother user experience. Anything else can be done server side.
Regards,
Daniel
You can also refer to these video links for implementing the server and client logic in your applications.
Link 1
Link 2
Abhinav
Use client actions as much as possible and try to use resources of the client's device. However, the purpose should be to optimize your app for a better user experience, not to outsource your processing power needs. Not to the point to exploit it, or bring the user's device down to a crash. Be reasonable for their resources, but as long as your use case is justified, go for client actions. You don't have to calculate small mathematical functions on server, wasting a lot of network and server resources, and increasing idle/waiting time of the user.
If there's any security threat in using client action, then clearly you must go with server action. For instance, there's no point in saving and checking if a user has a Premium Subscription to your business service, via only a client action.
Your data resides on servers, so for those purposes, you would obviously need server actions, but you can weigh off yourself by looking at offline capabilities (for mobile apps). If this is your learning phase, go for some experiments, try out different things and see the user experience. Your business requirements and your own decisions as you learn, will guide you what serves you the best at a given point, client action or server action.
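Daniel's rules (repeat validation, check roles and take the user id on the server) and the Premium Subscription case above, sketched as an added example that is not part of any post in this thread. It is plain JavaScript standing in for a server action, not OutSystems code; the session store, order data and the name `updateOrder` are constructed for the illustration.

```javascript
// Constructed server-side state: the client never gets to write to this.
const sessions = new Map([
  ["sess-alice", { userId: 1, roles: ["Customer"], premium: false }],
  ["sess-bob", { userId: 2, roles: ["Customer", "Manager"], premium: true }],
]);
const orders = [
  { id: 10, ownerId: 1, quantity: 1, express: false },
  { id: 11, ownerId: 2, quantity: 2, express: false },
];

const deny = (error) => ({ ok: false, error });

// Hypothetical server action. Everything in request.body comes from the
// client and may have been altered, whatever the client-side checks did.
function updateOrder(request) {
  // Identity comes from the server-side session, never from the body.
  const session = sessions.get(request.sessionId);
  if (!session) return deny("not authenticated");

  // Only the expected fields are read; extras such as userId are ignored.
  const { orderId, quantity, express } = request.body || {};

  // 1. Repeat the validation the screen already did for user experience.
  if (!Number.isInteger(quantity) || quantity < 1 || quantity > 100) {
    return deny("invalid quantity");
  }

  // 2. Role and ownership are decided from server state. The lookup is
  //    scoped to the session user unless the session holds the Manager role.
  const isManager = session.roles.includes("Manager");
  const order = orders.find(
    (o) => o.id === orderId && (isManager || o.ownerId === session.userId)
  );
  if (!order) return deny("order not found");

  // 3. Entitlements such as a premium subscription are read on the server.
  if (express === true && !session.premium) return deny("premium required");

  order.quantity = quantity;
  order.express = express === true;
  return { ok: true, order };
}
```

A request that adds `userId`, `isManager` or `premium` fields to its body gains nothing here, because none of those values are ever read from the client.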