Hacker News new | past | comments | ask | show | jobs | submit login

Depending on what you're doing, you can perhaps have an authenticated client do things which are not authorized. This can mean that you have to do things server-side to enforce business rules.

Example: I had an inadvertent trust-the-client situation where I let Javascript decide if someone's credit card was going to be charged. I did not anticipate that anyone's computer would ever be hit by a lightning bolt during a transaction, and as a consequence my server got 24 callbacks and dutifully charged the client's card 24 times.

Sometimes authenticated clients can abuse the system intentionally, depending on what you're doing with it.

You will likely discover at some point that your service has to interact with other services, which may or may not be easily doable with a particular client orchestrating all of the work itself.

Depending on your problem domain, you may need to do things on behalf of a client when that client is not connected to the service/the Internet/etc. This counsels having a non-dumb server side piece available.

There exist many other reasons one could name. What are you thinking of doing in your dissertation?

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact