I still am not sure that server side is fully secure but I do know its a common belief. Server side with correct sever admin helps secure the source ok and that can include for example a private app key. Server side requests data via http for me sends out API secret and token for example using foursquare app - this is no different in my mind to sending via the client. This is all unencrypted info that is available just because it runs on the server there is no magic backchannel ? I realise I don't help the OP here but am kind of asking for your guys input to help my own thinking.
On Sunday, 30 March 2014 15:56:10 UTC+1, José Borba wrote: > > First point: web is insecure; > Second point: the only way to keep your business logic secure is to keep > it in the SERVER side. > Third point (optional): use Angular for presentation only. Is what I do. > > Best regards, > > > 2014-03-30 11:40 GMT-03:00 Jeremy Likness <[email protected] <javascript:> > >: > >> Angular is no different than any other browser-based technology. It is >> completely your choice to decide much logic runs at the client vs. the >> server and what trade-offs you are willing to make. >> >> What "business logic" is it you think will be hacked? Do you have a >> tangible example? For example, if your company has some special algorithm >> for determining how many widgets are going to be sold over the next two >> weeks, there is nothing in Angular to prevent you from hosting that >> algorithm on your server and just exposing the result as a web service end >> point. Angular's interceptors give you control over headers for >> authentication and to avoid cross-site forgery, etc. so I'm not sure I buy >> the argument that it is any less secure than the web in general, and if >> anything I'd say it supports making your apps more secure. >> >> Jeremy >> >> >> On Saturday, March 29, 2014 5:36:32 PM UTC-4, akshit mahajan wrote: >>> >>> Hi, >>> >>> I am very new to angular JS, I read a few posts online that angular JS >>> is not a good choice security-vise. >>> >>> Since all the business logic that is written is present at the client >>> end(Browser), any hacker can attempt to hack the business logic easily! >>> >>> What are the expert's comments/suggestions in this scenario? >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "AngularJS" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected]<javascript:> >> . >> Visit this group at http://groups.google.com/group/angular. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > José Ricardo Borba > > -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
