1

I came to a security concern while doing $http.post requests that are received by the backend of my app. I can see all the data that is being sent using for example firebug in Firefox.

Are third parties able to sniff this data? It would be disastrous if someone sniffed the password when someone registers a new account.

Is there a way to secure my AngularJS front-end so that someone won't be able to steal the data in the POST request?

Any advice will be appreciated :)

Improve this question

2 Answers 2

Reset to default
6

No javascript can secure your password. Use SSL. Or better yet, use services your user are already registered to like Google, Facebook or any openID/oAtuh provider so we don't need to go thought the annoying process of creating a new unique password verify the email :)

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

What about the standard HTML POST form? Is it less vulnerable or the same as javascript?
GET vs POST has no significant security other then GET will show the full URL it the adressbar. if it were ajax it would be the same thing
Also POST allows more data to be posted
@eslaron SSL / TLS provides transport layer security between the client and server i.e. data sent over the wire is encrypted.
2

One of the ways to secure the data being set to/from the backend over HTTP/HTTPS is to not send them in plaintext. For example, it is possible to send md5 digests of login information in an ajax call – and authentication information like passwords etc. should also never be stored as plaintext in your database on the backend.

You might find this https://code.google.com/p/crypto-js/ interesting.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.