Using HTTPS for serving scripts can help prevent man-in-the-middle attacks, and provide assurance that the script that is being executed came from the server specified in the SSL certificate.
Angular js is no different than any other client-side technology, however, and the browser should not be considered a trusted platform. If a hacker has access to a cache sitting between the browser and the serve then they most likely have access to any session cookies and therefore don't even need to rewrite javascript (they can just impersonate the user directly and make their own requests). The server should never trust that the requests it receives from the browser are valid. It should always re-validate any data and ensure the user has permissions to perform the action specified in the request. Web application security is a pretty large topic, way to broad for a single forum post. I would suggest you find some good books on web security if you want to go into more depth. -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/groups/opt_out.
