问题
I came to a security concern while doing $http.post requests that are received by the backend of my app. I can see all the data that is being sent using for example firebug in Firefox.
Are third parties able to sniff this data? It would be disastrous if someone sniffed the password when someone registers a new account.
Is there a way to secure my AngularJS front-end so that someone won't be able to steal the data in the POST request?
Any advice will be appreciated :)
回答1:
No javascript can secure your password. Use SSL. Or better yet, use services your user are already registered to like Google, Facebook or any openID/oAtuh provider so we don't need to go thought the annoying process of creating a new unique password verify the email :)
回答2:
One of the ways to secure the data being set to/from the backend over HTTP/HTTPS is to not send them in plaintext. For example, it is possible to send md5 digests of login information in an ajax call – and authentication information like passwords etc. should also never be stored as plaintext in your database on the backend.
You might find this https://code.google.com/p/crypto-js/ interesting.
来源:https://stackoverflow.com/questions/25948230/how-to-secure-angularjs-http-post-data