When writing code I usually think about the following issues, among others:
- Is it a sensitive code?
- Where should it be processed?
- Is it a "light code" not requiring resources intensively that could decrease considerably the service performance like memory/throughput/CPU processing usages?
(the old and famous triad performance requirements)
JavaScript is gorgeous and its main "purpose" was born for client processing using a browser.
Asynchronous calling is widely used to reduce heavy roundtrips where the full page is processed by a server returning its full content, instead it is processed just the minimum stuff required.
Very clever! Very necessary!
We, developers, started programming widely using the client's power processing, asynchronous callings and callbacks, and such intense activity leads us to skip accidentally about some concerns like, for instance, security.
Considering that standard JavaScript model process its code on client, it is not recommended to expose sensitive code, but due to constant coding habits, sometimes some sensitive code leaks to layers where it shouldn't be.
Angular 2, or later versions like Angular 4, uses a client-server architecture, usually supported by Node.js.
That way, this practice may help you avoiding the issue commented above, but you still have to remember that a client-server communication has its security considerations.
You may get some additional comments about this pointing to this link.
On the other side, Angular 1 carries the standard way of JavaScript programming, which makes easier to leak information, while Angular 2 or later, using annotations, requires the server side necessarily on the purpose of its injection resources.
This advantage has a setback, since nothing is totally good or bad.
If working with another server, not Node.js, it will be required two servers.
Well, this additional requirement may be compensated by reducing traffic on the main server, since part of the callings will be attended by the other one processing Angular 2 code.
On the other side, sometimes it is desired simplicity, lower processing, like avoiding additional steps like transpilation, injection, etc. In such cases, Angular 1 may fit like a glove, since sensitive codes are not exposed into client-processed scripts.
So, it is just a question of what is more recommended for each case.
Remember, since there are no miracles, when something does an extra thing it also requires extra resources.
Eventually, a last concern still remaining.
Sometimes, you may have sensitive code but that it doesn't mean that you really need Angular 2.
If the respective feature (use case) that code belongs to has low usage frequency, it may be used the traditional approach (full roundtrip) to spare project time and server resources without major issues about performance and etc. There is still another possibility. You may use the traditional asynchronous call by Angular 1 to process the sensitive code on the server.
If the page rendered on the client is compatible with the target devices, like mobile's platforms, the solution becomes another possible alternative.
Project design is a matter of weighing pros and cons considering possible refactoring costs in the future and cross-platform issues.
No comments:
Post a Comment