Ah no. You definitely cannot protect confidential information on the front end, at all, ever. Some creative people in your office?
What if one reads the javascript source to your code? What if they de-uglify it? What if they look at the network tab of Chrome dev tools and see the API calls to /resouces/81 and decide to just use curl? You cannot trust your users, and you cannot trust frontend javascript to be secure.

All security (and enforcement of business logic for that matter) must-must-must be handled on the back end.

(cue Michael Palin in a Cardinal outfit)

The one rule of front end development is that you cannot trust the client code. And you're probably o..

The two rules of front end development are that you cannot trust the client code and you're probably overusing tables. And protect ..

The three rules of front end development are that you cannot trust the client code, you're probably overusing tables, and you need to protect against script injection attacks and ...

On Thu Nov 27 2014 at 5:08:37 AM Al J <[email protected]> wrote:

> Security by obscurity will bite you in the @$$ later and lower your
> credibility in the long run
>
> Find a method to protect a REST-ful api that you like and implement it
>
> You'll be able to re-use it in everything else you write and your stock
> will go up
>
> https://www.google.com/search?q=how+do+I+protect+a+restful+api
>
> On Thursday, November 27, 2014 6:59:55 AM UTC-5, Dan Rybij wrote:
>>
>> There are $routeParams and $location.search() values that, if the user
>> felt like changing /timecard/81 to /timecard/82 for example, he would be
>> able to see someone else's confidential information. This is on a company
>> intranet and my users are a creative bunch.
>>
>> I can protect the data in the app, but thought that an obfuscated path
>> and query string would be easier and more re-usable than a bunch of code. I
>> just learned about decorators and thought they might be useful here. I just
>> don't know how to go about it.
>>
>> Thanks for the replies!
>>
>> On Wednesday, November 26, 2014 4:56:08 AM UTC-5, Sander Elias wrote:
>>>
>>> Hi Dan,
>>>
>>> Run your app inside an iframe.
>>> But why would you want to do this?
>>>
>>> Regards
>>> Sander
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "AngularJS" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/angular.
> For more options, visit https://groups.google.com/d/optout.
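
An added example, not part of the thread and not code from any poster: a server-side handler for the /timecard/:id case discussed above, where access is decided from the authenticated session and the record's owner rather than from anything the client sends. All names (`getTimecard`, `canRead`, `SESSIONS`, `TIMECARDS`, the `payroll` role) and the sample data are hypothetical and constructed for illustration.

```javascript
// Constructed sample data: timecard id -> owner and payload.
const TIMECARDS = new Map([
  [81, { ownerId: 'dan', hours: 40 }],
  [82, { ownerId: 'al', hours: 37.5 }],
]);

// Constructed session store: opaque token -> authenticated user.
// Identity must come from the server's auth layer, never from the
// URL, query string or request body.
const SESSIONS = new Map([
  ['tok-dan', { id: 'dan', roles: [] }],
  ['tok-al', { id: 'al', roles: [] }],
  ['tok-hr', { id: 'hr1', roles: ['payroll'] }],
]);

// Object-level rule: the owner, or a user holding the (assumed) payroll role.
function canRead(user, card) {
  return card.ownerId === user.id || user.roles.includes('payroll');
}

// Handles GET /timecard/:id and returns { status, body }.
function getTimecard(sessionToken, rawId) {
  const user = SESSIONS.get(sessionToken);
  if (!user) return { status: 401, body: { error: 'not authenticated' } };

  // Accept only a plain positive integer; reject anything else outright.
  if (!/^[1-9]\d{0,9}$/.test(String(rawId))) {
    return { status: 400, body: { error: 'bad id' } };
  }
  const id = Number(rawId);
  const card = TIMECARDS.get(id);

  // Same answer for "does not exist" and "not yours", so changing
  // 81 to 82 in the URL reveals nothing about which ids are valid.
  if (!card || !canRead(user, card)) {
    return { status: 404, body: { error: 'not found' } };
  }
  return { status: 200, body: { id, hours: card.hours } };
}
```

With this check in place the id in the route can stay a plain number: editing it by hand or replaying the request with curl only returns records the session's user is allowed to read.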
