AngularJS Security

May 15, 2015

Security should always be implemented on the backend services where the data resides. That is the only safe place to implement security layer.

The following rules should be considered

  • Always use some type of authentication on each REST service that contains private data.
  • Always sue SSL to communicate with REST services that contain private data (HTTPS)
  • Never implement a Cross-Origin Resource Sharing (CORS) layer that returns * as the list of allowed domains.
  • Always make sure that any Javascript that may get injected inside a JSON property does not get executed server side.

The responsibility for security rests entirely on the shoulders of the backend service developers.

In a production environment, SSL should always be used to protect private data and the user’s credentials.

Additional security steps could even be taken in the REST services to limit access to a particular machine or a particular IP address.