Thanks for the clarification and the helpful reply. I must admit the docs on $sce and $sanitise and others might give the wrong impression and I didn¹t find a really good easy to read post on the security benefits of Angular.
From: Sander Elias <[email protected]> Reply-To: <[email protected]> Date: Tue, 1 Apr 2014 01:52:57 -0700 (PDT) To: <[email protected]> Subject: Re: [AngularJS] Re: Is Angular JS secure? Calvin, You are mixing up the definition of secure. In this case, they question was about business logic. If you keep your business logic on the server, it will be secure, as in that the user can not get a look at the CODE running on the server. Anything you put in the browser can be examined by the user/hacker/whatever!. So, don't put your algorithm that puts you in front of the competition inside the browser! Then there is the point of being secure in communication. This is where you seem to aim on. This is something different. you can never be secured of the thing your server is talking to. There are a few things you can do, but 100% (or even 95%) security is not obtainable! If anyone does keep a different opinion, show me! I really would like to achieve this! the things you must/can do to keep your data/users safe. 1. use HTTPS, allways. 2. don't use 3rth party hosted stuff. (not talking about known CDN's) 3. use HTTPS!! 4. only include trusted script! 5. use HTTPS!!! 6. Only communicate to trusted resources, and double check those regularly! 7. no ads 8. use HTTPS!!!! google arround on what can be done on security. Google the stuff you are using in combination with security. Don't forget to check all plugins/libraries/frameworks you are using. With that out of the way, besides (possibly) exposing your business logic, AngularJS is one of the most secure frameworks around. It protects you against a whole slew of possible security vulnerabilities, where other frameworks/tools do not protect you at all! Regards Sander -- You received this message because you are subscribed to a topic in the Google Groups "AngularJS" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/angular/iATsJIDlIGU/unsubscribe. To unsubscribe from this group and all its topics, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
