Thanks Daniel, Is there any MD5 encryption on client-side data for this type of hacking?
Pushpendra On 2 January 2014 13:15, Daniel Tabuenca <dtabu...@gmail.com> wrote: > Using HTTPS for serving scripts can help prevent man-in-the-middle > attacks, and provide assurance that the script that is being executed came > from the server specified in the SSL certificate. > > Angular js is no different than any other client-side technology, however, > and the browser should not be considered a trusted platform. If a hacker > has access to a cache sitting between the browser and the serve then they > most likely have access to any session cookies and therefore don't even > need to rewrite javascript (they can just impersonate the user directly and > make their own requests). > > The server should never trust that the requests it receives from the > browser are valid. It should always re-validate any data and ensure the > user has permissions to perform the action specified in the request. > > Web application security is a pretty large topic, way to broad for a > single forum post. I would suggest you find some good books on web security > if you want to go into more depth. > > > > > > -- > You received this message because you are subscribed to the Google Groups > "AngularJS" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to angular+unsubscr...@googlegroups.com. > To post to this group, send email to angular@googlegroups.com. > Visit this group at http://groups.google.com/group/angular. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to angular+unsubscr...@googlegroups.com. To post to this group, send email to angular@googlegroups.com. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/groups/opt_out.