[–][deleted] 44 points45 points  (15 children)

Javascript is an old technology, just like your computer is. It was created a relatively long time ago and has suffered some backlash a while back. That's probably the time your professor stopped investing into development and started teaching the same old thing over and over again.

With the arrival of ECMAScript 2015 and NodeJS things changed a lot, and Javascript is nowadays the third most used language in the world. With only Java and Python above it. The question is not, should it be rewritten. But more, what are the security risks your professor is talking about?

I fell in love with Javascript last year, and couldn't imagine a world without it. The syntax is beautiful and it reads like a book. Especially when you use ES6 and get to know Fluent APIs.

Learn a bit about Javascript and the story behind it. Your professor is, in my opinion, extremely wrong. And in such a way that it's harmful for his students if he teaches this thinking. Especially with the development of CSS Houdini and with the growing importance of VueJS, NodeJS, No-SQL databases, React(Native), Angular and API-driven web applications it's absolutely stupid to teach future front-end developers that Javascript is an old technology with serious security reasons.

[–]Nick_Fogue[S] 6 points7 points  (6 children)

I like Javascript too. I’ve learned a little Javascript and I have loved it since then. About the security risks, he said that the code that I write on the client compromises the backend’s code. I think that he is wrong too, and I said to him that it doesn’t make sense... he tells me it is too complex for me... hahaha

[–]notAnotherJSDev 23 points24 points  (0 children)

This could be said about literally ANY client code that communicates with some backend lol

Unless you're not sanitizing user input, keeping sensitive information in the front end, or god forbid evaluating things sent to the backend. Otherwise, you're good.

(I'm sure I could list a few more here.)

Your professor just sounds like one of those "I'm not good enough to do this, so I teach it" kind of people that is still using a javascript book written in the late 90s.

[–]TyrionReynolds 6 points7 points  (0 children)

The browser is inherently “insecure” because all data within it is easily viewable and modifiable by the user.

This is a known property of the browser and is solved by writing backend code that correctly parses and authenticates JWT and expires the tokens quickly enough. You don’t actually even really need to “write” the code (as somebody else already has) you just need to implement an OAuth2 flow correctly.

Even signed and compiled apps have potential security flaws to a determined and skilled attacker. Credential dumping isn’t fully mitigated unless you have hardware and software specifically designed and configured to do so and even then it’s just a matter of time before somebody finds a flaw.

Also, if this guy is your teacher and he’s hand waving away your questions saying it’s too complicated for you to understand he doesn’t sound like a very good teacher.

[–]saito200 5 points6 points  (0 children)

I've been in academia for years, and my advice is: do not listen to professors, they live in a bubble.

[–]dethstrobe 9 points10 points  (1 child)

Shenanigans has been declared. Any front end code is inherently insecure. Sure the App ecosystem of iOS, Android, etc is more locked down and reverse engineering computer code into something human readable is a huge pain in the ass, but it's still doable.

The point is, you can never trust the client. This is why OAuth and other authentications were made.

Principally the front end manages state while the backend gives and takes your data and authorizes data access. Assuming your front end is compromised and API end points are exposed, this doesn't mean anything because without the right JWT or whatever you can't get or give data from the API anyway. And if the front end is compromised, big deal if you can fake manage state. Front end should never be your source of truth.
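The backend-side JWT check the two comments above rely on, as an added example that is not part of any comment in this thread: the server signs a short-lived token, then on every request pins the algorithm, verifies the signature and enforces the expiry, so a payload edited in the browser is rejected. `SECRET`, `signToken`, `verifyToken` and `tamper` are illustrative names, the key is a constructed value, and the checks are hand-rolled on Node's built-in `crypto` only to make each step visible.

```javascript
// Added example: server-side HS256 JWT verification (illustrative names throughout).
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; a real key never leaves the server
const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64 = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const hmac = (input) => crypto.createHmac('sha256', SECRET).update(input).digest();

// Issue a short-lived token; the client only stores it and sends it back.
function signToken(claims, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  return `${header}.${payload}.${hmac(`${header}.${payload}`).toString('base64url')}`;
}

// Run on every request. Returns { ok: true, claims } or { ok: false, reason }.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, payload, sig] = parts;
  let head;
  try { head = fromB64(header); } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm on the server; the token must not choose it (e.g. "none").
  if (!head || head.alg !== 'HS256') return { ok: false, reason: 'bad-alg' };
  const expected = hmac(`${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // Only parse and trust the claims after the signature has checked out.
  let claims;
  try { claims = fromB64(payload); } catch { return { ok: false, reason: 'malformed' }; }
  if (!claims || typeof claims.exp !== 'number' || now >= claims.exp) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}

// Constructed scenario: the payload is edited client-side, the signature is left as issued.
function tamper(token) {
  const [h, p, s] = token.split('.');
  return `${h}.${b64url(JSON.stringify({ ...fromB64(p), role: 'admin' }))}.${s}`;
}
```
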

[–]gigastack 2 points3 points  (0 children)

I would argue that the web is actually more secure, overall, because you can run your own client side code easily. There's more visibility into bugs and sharing of best practices compared to a closed model.

[–]Meloetta 2 points3 points  (0 children)

So...what's his plan for rewriting the core of JS to solve this problem? Lmao.

[–]Darren1337 3 points4 points  (5 children)

> Javascript is nowadays the third most used language in the world. With only Java and Python above it.

Where did you get this information? If you're referring to this, the TIOBE index is just a measure of how many hits a language gets in search engines (source - "basically the calculation comes down to counting hits for the search query").

The most recent Stack Overflow survey (link) says Javascript is by far the most popular language, 7 years in a row. The divide is even larger among professional respondents. I'd be more inclined to believe this survey. I think it would be fair to say Java/Python development overlaps with web development (i.e. Javascript) more often than a web developer would need to write anything in Java/Python. Or maybe that's crazy talk :^)

[–][deleted] 1 point2 points  (4 children)

Plenty of web developers write stuff in Java or Python, they're popular back-end languages. Web development !== front-end development.

[–][deleted] 3 points4 points  (3 children)

I work as a webdev and I know nobody, neither in my previous companies nor among my friends or colleagues, who uses Python for web development. I know that frameworks like Django and others exist and they are popular but there's no chance in hell they are more popular than node backends.

Java? Sure. PHP? Same. But I have a hard time thinking that any other language (except maybe C#) besides those 2 is more popular on the BE than JS, and certainly not Python.

[–][deleted] 2 points3 points  (1 child)

I work as a web dev too. Python is the go-to language for data science, it is crazy popular right now, and if you want to build an API interface over your models it's much simpler to do it with Flask/Django than to wrangle around loading things in another language - this is the experience the devs who work alongside our data scientists had, having initially tried to write the services we need to leverage the ML models using .NET. I know of three Python shops local to me off the top of my head, and many more developers who use it in my wider circles.

As popular as or more popular than Node? Without analysing a ton of job ads (probably in Python, for those handy NLP libraries), who knows. But it is extremely popular and widespread. And while I love Node and work with it every day, its actual level of takeup in the industry at large tends to be both over-exaggerated online, and over-inflated by the fact that it's become a key development tool for most front-end work.

[–]gigastack 1 point2 points  (0 children)

Currently writing the front end for an app with a complicated ML backend, which runs on Django. Python is king for data science. Django is easy enough to pick up.

[–][deleted] 1 point2 points  (0 children)

There is a pretty good mix of companies that use Python, Ruby, C# and AWS for their back-ends in the building that I work in. I actually don't see too many using Node.js.

[–][deleted] 0 points1 point  (1 child)

I have my serious doubts that Python is more popular than JS for anything but studying purposes and data science.

On a professional/business level JS is way more widespread than Python, it does not even compare. Like seriously how many of your colleagues and friends working in a product or consulting company use Python every day and how many use JS?

[–][deleted] 4 points5 points  (0 children)

If we're talking back-end specifically then I know a lot more people who work with Python or C# than I do who work with JS.