Practical--or secure? My js is kept to a bare minimum, ie, refrain from browser refresh as much as possible, but when it comes time to collect and store data, that is all done server side.

Secure.. in who's interest?.. the data on SAFE is secure, unless made accessible by some application. This is why I ask, to get my head around the limits. There are options for users to enable applications that are outside of any browser - it's the launcher that controls access to data. Perhaps then apps will then be required for more ambitious uses.. and certainly for private and corporate data, to be expected; so the formal use is wrapped up.

The interest I have is the limit for an amateur interest within a browser, what is worth pursuing that is useful and safe for both user and site host. What really needs to become within a separate app and what are sensible limits on a website's actions?

So, I'm expecting that accessing any private data is not be sensible because of a risk that the code is obvious to all users and can be hacked. In that case then perhaps there are no business type websites, without looking to add-on applications - which is a mixed scenario I'd not considered before but perhaps can solve all problems. I'd expect that management of currency will be within the network but control of access to data, I'm wondering whether without an application managing it, that is either public or private. What needs an app then is anything that might not be necessarily be something the webhost wants everyone to have access to?

I know nothing of AJAX, is the code for that open to the users in a hackable way? Having multiple applications to manage data in different ways might become a usability issue.. although there's some reason users will sign up to that in exchange for the upside, would be good to keep it simple.

I am not happy with anything that is client side when it comes to security/ecom/data purposes. As for AJAX, the most commonly used is supplied by google and they offer a js engine as well. How comfortable one can be with that is a personal choice.

Thanks.. that's fairly what I was defaulting to. I have a naive and perhaps unfair view of .js and by association AJAX, that they are more functional and of a type not intended for being secure. Good to be aware.

of a type not intended for being secure

You could argue that javascript (specifically, as distinct from ajax) is more secure, since no information is passing back and forth between server and user. Once a given page has loaded up, your visitors could even unplug their modems and nothing would change.

But I think it's more useful to look at what service you're providing, and find the most efficient way to provide that service. Security then becomes a concern if-and-only-if your service requires repeated interactions between site and visitor.

Well I suppose the common interest will be control of data. I can't see how data could be gifted to a user in such a way that it was not all available to them. So, services enabling the users are practical, control of access to data not. Control of access to data perhaps goes against the core ideals of SAFE being privacy; security; freedom and then either access to public or exclusive allowed access to private data but to be expected some interests will want to enable data for a fee.. and I don't know that the currency will be enabled to manage that directly.

The suggestion javascript is more secure is limited in this context as even that network doesn't know what data is accessed. Perhaps it's good to know javascript is capable of being secure, so that users have confidence but restricting access to what data is made available to a website still isn't obvious without another application managing that and perhaps that'll be the way it needs to be to allow SAFE data to be within databases in the normal sense.

Can javascript or AJAX run a database without a server and would there be practical limits on the size of that or can the calls to data be made in such a way that the size is not an issue?