Reputation: 113
Today I checked the source code of one of the websites done in Angular and I wondered if it is good practice to leave bits like the one below available for everyone to see.
<ul class="nav-account desktop-only" ng-show="!User.isAuthenticated" ng-cloak>
I understand it is safe in terms of the back end because I cannot set these parameters, but I just wondered if this is good practice or if there is any alternative?
Upvotes: 0
Views: 87
Reputation: 14875
There is no alternative. You can also go and see all the code for the controllers, directives and providers. Probably it is minified but a good it will make that readable again.
This is always the case, anywhere, if you give software to your client – you always do.
And even if you managed to obfuscate the code in a way that nobody could ever read it again, the user could use a tool to simply log all requests to the server made from his computer.
You cannot protect against your users. The only way to protect your service is to write a stable and secure API. (validate everything, send secure authentication tokens, protect against brute force)
Just as an example:
Apple does not try to hide their Angular directives. They are not even minified.
Upvotes: 1
Reputation: 519
The client side is never secure, and can never be trusted. Validations on the client side are highly recommended, while the server side MUST be validated and secured.
So examples like these are generally "ok" if any actions sent to the server are authorized anyway. It will just fail.
Upvotes: 2
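The point both answers make, that the server must authorize every request no matter what the client-side `ng-show` flag says, as an added example that is not part of the original posts. It is a Node.js sketch; `SECRET`, `issueToken`, `verifyToken` and `handleAccountRequest` are hypothetical names, and the HMAC-signed token format is an assumption chosen for illustration.

```javascript
const crypto = require("node:crypto");

// Server-only key (constructed here); it is never shipped to the browser.
const SECRET = crypto.randomBytes(32);

// Token layout (assumed): base64url(JSON claims) + "." + base64url(HMAC-SHA256)
function sign(payload) {
  return crypto.createHmac("sha256", SECRET).update(payload).digest("base64url");
}

function issueToken(userId, ttlSeconds, now = Date.now()) {
  const claims = JSON.stringify({ sub: userId, exp: now + ttlSeconds * 1000 });
  const payload = Buffer.from(claims).toString("base64url");
  return `${payload}.${sign(payload)}`;
}

// Returns verified claims, or null if the token is missing, malformed,
// forged or expired.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== "string") return null;
  const [payload, mac, extra] = token.split(".");
  if (!payload || !mac || extra !== undefined) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!claims || typeof claims.exp !== "number" || claims.exp <= now) return null;
  return claims;
}

// Hypothetical account endpoint. Anything the client says about its own
// state (for example body.isAuthenticated) is never consulted.
function handleAccountRequest(req, now = Date.now()) {
  const header = req.headers?.authorization;
  const token = typeof header === "string" ? header.replace(/^Bearer /, "") : null;
  const claims = verifyToken(token, now);
  if (!claims) return { status: 401, body: { error: "unauthenticated" } };
  return { status: 200, body: { account: claims.sub } };
}
```

A request that only claims `isAuthenticated: true` in its body gets a 401, which is the "it will just fail" outcome described above.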