AngularJS Secure Storage Media
Question
I'm developing a client-side application using AngularJS. I need to request some authorization-related data from the server-side once and store it to be used in access control decisions. I don't want to request the data before every decision.
I tried to use browser local storage, but I found it can be edited in the browser which is not acceptable in my case. I've also thought about encrypting the authorization data but as long as the encryption is done client-side, it can be reverse-engineered.
Is there a secure (read-only) storage that can hold the authorization data to suite my case?
1 answers
solution1
1 2015-08-30 09:57:48
You're sending your data to the client, an environment you have no control over. What you can do at most is make it inconvenient for them to modify it.
To make it impossible to modify? You cannot do that. (Think of the problem abstractly: what you're trying to do is forbid the user to do some operations on his own device.)
That is why all kinds of security-related functions need to stay on the backend (an environment in your control), or at least include a backend component.
In your specific case, think of handling the view privileges on the client side as a usability feature: you don't want to direct your user to pages they are not supposed to see, but it is the backend's responsibility to only serve data they are actually allowed to access. So in case you have a malicious user who goes "where he's not supposed to", it'll be up to the backend to not send them data he's not supposed to see.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.