如何保护AngularJS $ http.post数据?
[英]How to secure AngularJS $http.post data?
问题描述
I came to a security concern while doing $http.post requests that are received by the backend of my app. 
我在执行$ http.post请求时遇到了安全问题,该请求由我的应用程序后端接收。 I can see all the data that is being sent using for example firebug in Firefox. 我可以看到使用Firefox中的firebug发送的所有数据。
Are third parties able to sniff this data? 第三方是否可以嗅探此数据? It would be disastrous if someone sniffed the password when someone registers a new account. 如果有人在注册新帐户时嗅探密码,那将是灾难性的。
Is there a way to secure my AngularJS front-end so that someone won't be able to steal the data in the POST request? 有没有办法保护我的AngularJS前端,以便某人将无法窃取POST请求中的数据?
Any advice will be appreciated :) 任何建议将被认真考虑 :)
2 个解决方案
解决方案1
5 2014-09-20 11:25:24
No javascript can secure your password. 没有JavaScript可以保护您的密码。 Use SSL. 使用SSL。 Or better yet, use services your user are already registered to like Google, Facebook or any openID/oAtuh provider so we don't need to go thought the annoying process of creating a new unique password verify the email :) 或者更好的是,使用您的用户已经注册过的服务,例如Google,Facebook或任何openID / oAtuh提供程序,因此我们不必去考虑创建新的唯一密码的烦人过程来验证电子邮件:)
解决方案2
2 2014-09-20 11:47:04
One of the ways to secure the data being set to/from the backend over HTTP/HTTPS is to not send them in plaintext. 通过HTTP / HTTPS保护从后端设置的数据的一种方法是不以明文形式发送数据。 For example, it is possible to send md5 digests of login information in an ajax call – and authentication information like passwords etc. should also never be stored as plaintext in your database on the backend. 例如,可以在ajax调用中发送登录信息的md5摘要–并且也不应该将身份验证信息(例如密码等)以纯文本格式存储在后端的数据库中。
You might find this https://code.google.com/p/crypto-js/ interesting. 您可能会发现此https://code.google.com/p/crypto-js/很有趣。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.