
AngularJS - Is using $http.get() to get a JSON configuration file secure?

I'm getting a JSON file using a relative path to get a JSON configuration file with some sensitive authentication data as follows: $http.get('app/config.json').then(function (data) {});

It's working fine, but I'm wondering how secure this is? Can this call be intercepted in any way and values substituted?

My site is deployed to https.

Thanks, Alan.

EDIT: To add more detail, the sensitive data I'm talking about is the redirect URI and client ID for an authentication flow; if these were changed to a site that tried to mimic the authentication provider, then someone could steal a user's username and password.

> configuration file with some sensitive authentication data

It doesn't really matter how the client got the credentials (either via ajax call or already included in the page source or ...). When your browser/js/whatever uses the credentials to make a request, this will show up in the developer tools. So everyone can use those credentials. That's pretty bad if you are billed by a 3rd party provider for using these credentials.

> Can this call be intercepted in any way and values substituted?

As with the outgoing request, it will show up in the developer tools.

Don't send sensitive information to your client as long as you don't have to do it. Use a reverse proxy or the like. Add your credentials server-side.
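
The reverse-proxy approach recommended above, sketched in Node.js as an added example (not code from the original question or answer). The `/api/` prefix, the `UPSTREAM_HOST` placeholder, the bearer-token scheme and the `API_KEY` / `PROXY_PORT` environment variables are assumptions for illustration.

```javascript
// Added example: the browser calls /api/... on your own origin; the proxy
// attaches the credential server-side, so it never appears in config.json.
const http = require('http');
const https = require('https');

const UPSTREAM_HOST = process.env.UPSTREAM_HOST || 'api.example.com'; // placeholder host
// Headers the browser must not control, plus hop-by-hop headers.
const BLOCKED = ['authorization', 'cookie', 'host', 'connection',
                 'keep-alive', 'transfer-encoding', 'upgrade'];

// Build upstream request options from the browser's request.
// Returns null for anything outside the allow-listed /api/ prefix.
function buildUpstreamRequest(method, url, clientHeaders, apiKey) {
  let parsed;
  try { parsed = new URL(url, 'http://placeholder.invalid'); } catch (e) { return null; }
  // URL parsing resolves "../" segments, so /api/../admin is rejected here.
  if (!parsed.pathname.startsWith('/api/')) return null;
  const headers = {};
  for (const [name, value] of Object.entries(clientHeaders)) {
    const lower = name.toLowerCase();
    if (BLOCKED.includes(lower)) continue; // drop client-supplied credentials
    headers[lower] = value;
  }
  headers.authorization = 'Bearer ' + apiKey; // secret stays on the server
  const path = parsed.pathname.slice('/api'.length) + parsed.search;
  return { host: UPSTREAM_HOST, method, path, headers };
}

function startProxy(port, apiKey) {
  return http.createServer((req, res) => {
    const options = buildUpstreamRequest(req.method, req.url, req.headers, apiKey);
    if (!options) { res.writeHead(404); return res.end(); }
    const upstream = https.request(options, (upRes) => {
      res.writeHead(upRes.statusCode, upRes.headers);
      upRes.pipe(res);
    });
    upstream.on('error', () => {
      if (!res.headersSent) res.writeHead(502);
      res.end();
    });
    req.pipe(upstream);
  }).listen(port);
}

// Starts only when configured, e.g. API_KEY=... PROXY_PORT=8080 node proxy.js
if (process.env.PROXY_PORT && process.env.API_KEY) {
  startProxy(Number(process.env.PROXY_PORT), process.env.API_KEY);
}
```

The AngularJS client then calls a same-origin path such as `$http.get('/api/...')`, and the developer tools show only that request, without the credential.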
