Angular rest 身份验证安全吗?
[英]Is Angular rest authentication secure?
问题描述
I am looking to connect to a secure REST service via Angular and have found the official way to do this is to set the authentication ticket as follows:
我希望通过 Angular 连接到安全的 REST 服务,并发现官方的方法是按如下方式设置身份验证票:
$httpProvider.defaults.headers.common['Authorization'] = 'dhfkssksk';
However isn't this insecure as anyone can simply view the JavaScript and find out the auth code?然而,这不是不安全,因为任何人都可以简单地查看 JavaScript 并找出身份验证代码?
1 个解决方案
解决方案1
1 2016-10-17 13:43:24
If you mean that your client app is connecting directly to your backend api (ie no 3rd party services), then the short answer is yes .如果您的意思是您的客户端应用程序直接连接到您的后端 api(即没有 3rd 方服务),那么简短的回答是yes 。
However, there are a few considerations you need to take into account:但是,您需要考虑以下几点:
You must only send this ticket to your backend and nothing else.
您只能将此票发送到您的后端,而不要发送其他任何内容。 Ie set an HTTP filter in angular that acts on every client-side request and only sends this Auth header if the URL matches your API url.即在 angular 中设置一个 HTTP 过滤器,该过滤器作用于每个客户端请求,并且仅在 URL 与您的 API url 匹配时才发送此 Auth 标头。You need to use SSL, to protect the token during transmission.
您需要使用 SSL,以在传输过程中保护令牌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.