Thanks Daniel,
Is there any MD5 encryption on client-side data for this
type of hacking?
Pushpendra
On 2 January 2014 13:15, Daniel Tabuenca <dtabu...@gmail.com> wrote:
> Using HTTPS for serving scripts can help prevent man-in-the-middle
> attacks, and provide assurance that the script that is being executed came
> from the server specified in the SSL certificate.
>
> Angular js is no different than any other client-side technology, however,
> and the browser should not be considered a trusted platform. If a hacker
> has access to a cache sitting between the browser and the serve then they
> most likely have access to any session cookies and therefore don't even
> need to rewrite javascript (they can just impersonate the user directly and
> make their own requests).
>
> The server should never trust that the requests it receives from the
> browser are valid. It should always re-validate any data and ensure the
> user has permissions to perform the action specified in the request.
>
> Web application security is a pretty large topic, way to broad for a
> single forum post. I would suggest you find some good books on web security
> if you want to go into more depth.
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "AngularJS" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to angular+unsubscr...@googlegroups.com.
> To post to this group, send email to angular@googlegroups.com.
> Visit this group at http://groups.google.com/group/angular.
> For more options, visit https://groups.google.com/groups/opt_out.
>
--
You received this message because you are subscribed to the Google Groups
"AngularJS" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to angular+unsubscr...@googlegroups.com.
To post to this group, send email to angular@googlegroups.com.
Visit this group at http://groups.google.com/group/angular.
For more options, visit https://groups.google.com/groups/opt_out.
