Chapter 10. AngularJS Security
You might wonder why we are covering security in a book on AngularJS. Well, quite simply, security is one of the most important and most challenging tasks faced by an AngularJS developer. Itâs not that the developer is actually responsible for implementing the security layerâthat is not the case at allâbut it is very important for an AngularJS developer to understand the role that AngularJS plays in the overall security model of an application or website.
You should never attempt to implement an independent client-side security layer in an AngularJS application, or any other JavaScript application for that matter. Security should always be implemented on the backend services where the data resides. That is the only safe place to implement a security layer.
Remember the user has full access to the JavaScript running in the browser. As I said before, our AngularJS application runs in the userâs browser on the userâs hardware. The user can save the JavaScript locally and easily make modifications circumventing any security layer implemented by an unsuspecting JavaScript developer.
With that in mind, there are several rules that AngularJS developers and backend developers need to remember. Although actually implementing the security layer is not usually the job of an AngularJS developer, it is often a collaborative effort for all developers involved in a project. The following rules should always be considered:
- Always use SSL to communicate ...
Get Learning AngularJS now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
