A veteran web developer here, so I need some philosophy update now that I'm starting to develop in Angular 2.
So I'm going for the architecture where all of the Angular 2 app is served as a bunch of static files (bundled by webpack, but static nevertheless) and all the client-server communication takes place via a RESTful API. The API keeps all the functions locked if the session is not authenticated (with the exception of the authentication API, of course).

Where I'm getting uncomfortable is that the application files can be accessed by an unauthorized user - with some dedicated digging, they can find out a lot of info about the interface and data structures. Enough to prepare various types of phishing or hacking attacks. If the application is served with the old-school approach, with the HTML prepared on the server side, the only thing accessible by an unauthorized user is the authentication page.

What is the general feeling in the Angular camp about this? That there is nothing special in the interface and data structures that is worth hiding? And that all that has to be secure is the REST API, as that is all that matters? Or are there Angular 2 patterns that serve the "secure" static files of an Angular 2 application only when the user is authenticated?