All the logic in client side when used used breeze.js file so i want to confirm that in this comming security issue beacuse user can see all the things on browser and break the code or logic.So please suggest me am right or wrong?
This question has been asked and answered a couple of times over on StackOverflow.
The quick answer is the place to block unauthorized access to customers is on the server using secure controller methods.
The long answer is that we’re working on additional docs that we detail some of our best practices.
I would really love to see that document. Breeze looks truly awesome, but I have a lot of questions about security and how to metadata. Is that document ready? Can you post a link?