Is it alright to expect that the user using the back end will have Javascript enabled?
I guess the answer I'll get is 'it depends on your target users'. I am developing a system for fun that will hopefully be used by other people. I would like to hear from other people developing back end systems, and what did they decide to do and why?
SEO I'm not concerned with, and semantics aern't of as much importance.
As long as the function that your application will be serving is general, I'd say it is safe to rely on Javascript. One of the sites that I manage receives ~35,000 UV's on a good day. I think it is fair to say we come in contact with quite a variety of browser and operating system combinations. According to our stats, roughly 97% of our users have Javascript enabled.
If it can fail elegantly without Javascript, I'd opt for that solution, but I wouldn't lose sleep over the fact that you might be losing a few people everyday.
Personally I would expect the failover, but there are circumstances (particularly low profile sites, intranets, e-learning content) where you can assume JS.
Mostly you can even go with a simple "You require JS / This works better with JS" and I would consider that good enough, but there's a couple of instances where I would demand real failover:
.gov or other public service sites (legal requirements)
sites for web-tech companies (you need to demonstrate your ability to do this)
very high traffic sites (where the 3% of non-JS users becomes a high absolute number)
sites (or pages) for mobile devices (most of these haven't got JS reliably)
In general, it's reasonably easy to provide some kind of noscript, so why not do it anyway?
considering the 3 points :
I'd say that it's alright. :)
annakata provided a pretty good insight as well.
I refer you to this post by Jeff Atwood. The important assertion in it is that you can expect that javascript will work as expected among browsers. The security risks are also lower today. So I would say that is now safe to ignore clients that do not enable javascript. If you want to attack users javascript would give a clear advantage.
The only exception I can think of is mobile sites. Although mobile browsers have gone better and do support javascript, the extra download bandwidth and the small screen make js less suitable.
It really depends on your application and its target audiences. Do you care about user accessibility (can disabled people use the site), do you want your site to work on various mobile browsers with limited JavaScript support? I would try to build the site so that it would gracefully degrade without CSS or JavaScript. That is unless you site is very dynamic, like say a word processor which can't possible work at all without JavaScript.
Yes, It mostly depends on your target user. Whatever the front end is, the back end must be bulletproof. At least, it should make ensure that, nobody can hack or make a mess by disabling javascript. server-side filtering/validations is important for security, while client-side validation and interactivity is important for usability.
I don't think it's unreasonable to require Javascript for a web based backend/CMS, where your target users are likely to be a fairly small and pretty specific group.
All the CMS systems that I've worked on so far have required it.