Hi,

You should protect it in the server-side REST service, like authorization
for doing CRUD operations.

Except for user account information, the ones who can do an update are only
the user itself and an admin-level account.

Protection in client side still make your app won't be vulnerable to the
edit you mention even pollute the $rootScope or the URL.

By design your REST service should be secure, and it will apply to all
clients, and you are set.

Regards,

Mulianto
http://muliantophang.blogspot.com




On Sun, Jun 22, 2014 at 9:44 PM, Martin Alix <[email protected]> wrote:

> You should not pollute the $rootScope, but client-side authorization
> methods are a good starting point (after authentication) and can easily be
> included in an Angular service or factory.
> Server-side, if you assign roles to your users and keep the user's current
> roles in a Session, it's easy to handle authorization. Watch out for CSRF
> and you are set!
>
> Chapter 7 of this book has some great info:
> http://www.scribd.com/mobile/doc/214658821#fullscreen
>
> --
> You received this message because you are subscribed to the Google Groups
> "AngularJS" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/angular.
> For more options, visit https://groups.google.com/d/optout.
>
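
The rule discussed in this thread (only the account owner or an admin may update an account, decided on the server from roles held in the session) is sketched here as an added example that is not part of any poster's message. The in-memory session store, the user table and the request shape are constructed stand-ins for a real framework.

```javascript
'use strict';
// Constructed data: the session store and user table are in-memory stand-ins.
const sessions = new Map([            // session id -> identity fixed at login
  ['sess-alice', { userId: 1, roles: ['user'] }],
  ['sess-bob',   { userId: 2, roles: ['user'] }],
  ['sess-root',  { userId: 9, roles: ['admin'] }],
]);
const users = new Map([
  [1, { id: 1, name: 'alice', email: 'alice@example.test' }],
  [2, { id: 2, name: 'bob',   email: 'bob@example.test' }],
]);

// Fields an account update may change; a role is never writable from the body.
const EDITABLE = ['name', 'email'];

// Handles PUT /users/:id. `req` is a hypothetical minimal request shape:
// { sessionId, params: { id }, body }. Returns { status, body }.
function updateUser(req) {
  const session = sessions.get(req.sessionId);
  if (!session) return { status: 401, body: { error: 'not authenticated' } };

  const targetId = Number(req.params.id);
  const isAdmin = session.roles.includes('admin');
  const isSelf = session.userId === targetId;
  // The decision uses only server-held session data, never a role sent in
  // the body, the URL, or anything the browser could edit in $rootScope.
  if (!isAdmin && !isSelf) return { status: 403, body: { error: 'forbidden' } };

  const target = users.get(targetId);
  if (!target) return { status: 404, body: { error: 'no such user' } };

  const body = req.body || {};
  for (const field of EDITABLE) {
    if (typeof body[field] === 'string') target[field] = body[field];
  }
  return { status: 200, body: { ...target } };
}
```

The 403 check runs before the lookup, so a non-admin caller gets the same answer whether or not the target account exists.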
