Icon View Thread

The following is the text of the current message along with any replies.
Messages 1 to 6 of 6 total
Thread All Pages Loaded?
Wed, Oct 2 2013 8:51 AMPermanent Link

squiffy

Telemix Ltd.

Avatar

I'm evaluating this and have a question.
If my app has, say 30 odd pages/popups etc., do they all get loaded in one file at the start and displayed on demand?

For example, someone hitting my traditional PHP app will have only the HTML they need produced and displayed. Depending on what they do my back end will create more html (either in response to ajax requests or complete page changes).

I love the idea of this builder that produces code without a specialised server being needed (like Xojo, Wakanda and others of that ilk) but just wonder how bulky the app may become when it gets large.

It's also possible I've completely misunderstood Smile
Wed, Oct 2 2013 9:19 AMPermanent Link

Raul

Team Elevate Team Elevate

EWB generates javascript so in terms of the source code for the app  - yes it does get downloaded it all initially (it's a single .js file). However they don't get necessarily instantiated (unless you decide to create all them on initial load) - normally the actual forms/popups are created as needed in code.

You can test but i personally would not worry too much about it:
- assuming you use compression on EWB and your web server has http compression enabled you're likely inly transmitting 20-40% of original size
- more importantly the initial load loads single file so you're saving on number of requests and latency

I don't have any apps with 30 forms but one of the apps has about 8 forms and is 240K after EWB is done with it - which means if you add http compression on top you're looking at maybe 100-150K

Every app will differ though so best way would be to try it out but i would say it'll likely be just fine.

Raul

<< squiffy wrote:
I'm evaluating this and have a question.
If my app has, say 30 odd pages/popups etc., do they all get loaded in one file at the start and displayed on demand?
For example, someone hitting my traditional PHP app will have only the HTML they need produced and displayed. Depending on what they do my back end will create more html (either in response to ajax requests or complete page changes).
I love the idea of this builder that produces code without a specialised server being needed (like Xojo, Wakanda and others of that ilk) but just wonder how bulky the app may become when it gets large.
It's also possible I've completely misunderstood Smile
>>
Wed, Oct 2 2013 1:17 PMPermanent Link

squiffy

Telemix Ltd.

Avatar

Thanks for your response, Raul.
What I'm trying to get my thick head around is if I had a commercial application (with a log in page and many other pages related to the app), then as soon as they hit the URL, and without even logging in, they would be sent enough information to deconstruct the web site layouts? Obviously minus the server-side logic.

I appreciate that most web apps can be ripped relatively easily, but they usually have to work their way around the pages to do so.

It's not necessarily a problem, but I'm just trying to understand if that is indeed the case.

Thanks again.
Wed, Oct 2 2013 1:46 PMPermanent Link

Raul

Team Elevate Team Elevate

In theory yes if you implement it as single app.

However if this is a concern then you could require authentication before app access (i.e. use web server authentication) or separate the authentication and main app into separate pieces (i.e. use php page for login and only then redirect to actual app (this is likely bit more complex since the url for the app should not be accessible direct but should be doable).

Raul

<<squiffy wrote:
Thanks for your response, Raul.
What I'm trying to get my thick head around is if I had a commercial application (with a log in page and many other pages related to the app), then as soon as they hit the URL, and without even logging in, they would be sent enough information to deconstruct the web site layouts? Obviously minus the server-side logic.

I appreciate that most web apps can be ripped relatively easily, but they usually have to work their way around the pages to do so.

It's not necessarily a problem, but I'm just trying to understand if that is indeed the case.
>>
Wed, Oct 2 2013 1:48 PMPermanent Link

squiffy

Telemix Ltd.

Avatar

Thanks, Raul.
Thu, Oct 3 2013 4:33 AMPermanent Link

Matthew Jones

> and without even logging in, they would be sent enough information
> to deconstruct the web site layouts?

Fundamentally yes. If you have things like server access passwords in the EWB
script, then they are on the client's computer. But if you ensure that you have the
compression on (will be easier when command line build is available) then you will
see that the code is pretty impenetrable. A simple trick like appending a global
string to a constant will split the password in two. Security through obscurity
though, so not perfect.

Fundamentally, any security should be done server side, so the user has to type
something to log in to get the data, or manage it. It's not hard though. You can be
clever though - I have a login screen on one app, and if you login three times (and
fail) then it goes into another mode to allow super-user login. Again, all verified
on the server, but it opens possibilities.

/Matthew Jones/
Image