我如何有效地使用angularjs保持安全性？ [英] How effectively can I use angularjs keeping security in mind?

问题描述

当我知道它们不安全时，为什么我应该使用angular.js或其他类似的js框架。

Why should I use angular.js or other like js frameworks when I know they are not secured.

我的意思是安全性：

• 所有代码都是用纯JavaScript编写的。 javascript可以在devtools或firebug中编辑。像表单提交之类的东西可以很容易地被操纵。即使我尝试对所有http请求进行服务器端验证，我最终还是会做两倍的工作。

我怎样才能有效使用angularjs记住这一点？

How can I effectively use angularjs keeping above in mind?

谢谢。

推荐答案

全部客户端代码易于修改。因此，您不需要将任何需要安全的内容放入客户端代码中。客户端代码应该为最终用户定义视图元素，并为他们提供与服务器通信的简便方法。关于安全性，99％的需要通过适当保护敏感数据来处理服务器端。在服务器到客户端通信方面，您需要使用SSL。 Angular有一些内置的东西来帮助安全看到$ sce和ngSanitize但是IMHO你的后端应该是安全的，因为任何人都可以重新编写前端或使用命令行工具在服务器上发送各种curl请求，直到某些东西给出。客户端代码实际上不需要在客户端代码本身之外包含任何专有内容，如果你担心的话可以使用混淆工具，但最终甚至编译代码都可以被反编译或反汇编。

All client side code is susceptible to modification. For that reason you don't put anything that needs to be secure into the client code. The client code should define the view elements for the end user and give them an easy means to communicate with the server. Regarding security 99% of this needs to be handled server side by appropriately protecting the data that is sensitive. In terms of server to client communication you need to use SSL. Angular has some things built in to help with security see $sce and ngSanitize but IMHO your back-end should be safe because anyone can re-write a front end or use a command line tool to send various curl requests at the server until something gives. The client code really has no need to contain anything proprietary outside of the client code itself if that's your concern you can use obfuscation tools but ultimately even compiled code can be decompiled or disassembled .

这篇关于我如何有效地使用angularjs保持安全性？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！