Last post Oct 06, 2017 06:19 AM by AngelinaJolie
Oct 04, 2017 02:16 AM|asplearning|LINK
Hello everyone, I have a question about angular js security. I have this sample data:
myController.users = [
user_name: "Item 1 2345"
I could right click in chrome and go to angular js debug tool and make the changes I want to the item in the array. For example I could change user_id from 123 to 456. Is there a way I could protect the data mainly the ID? One way I could think of is to
encrypt the ID and decrypt it on the server once the data is submit. But just wondering if there is a better way.
Oct 04, 2017 03:11 AM|AngelinaJolie|LINK
Here is a way for encryption.
1Include the Adyen Client-Side Encryption library into your page:
Note that card input fields should not have the name= attribute, but are annotated by the data-encrypted-name= attribute, to mark them for
encryption. This makes sure that the input values are never sent to the server.
<form method="POST" action="#handler" id="adyen-encrypted-form">
<input type="text" size="20" autocomplete="off" data-encrypted-name="number" />
<input type="text" size="20" autocomplete="off" data-encrypted-name="holderName" />
<input type="text" size="2" maxlength="2" autocomplete="off" data-encrypted-name="expiryMonth" />
<input type="text" size="4" maxlength="4" autocomplete="off" data-encrypted-name="expiryYear" />
<input type="text" size="4" maxlength="4" autocomplete="off" data-encrypted-name="cvc" />
<input type="hidden" value="generate-this-server-side" data-encrypted-name="generationtime" />
<input type="submit" value="Pay" />
More details ,please refer to
Bests, Angelina Jolie
Oct 04, 2017 03:26 AM|asplearning|LINK
Thanks for the reply. I will have a go with the encryption. Will this work with angular js too?
Oct 04, 2017 02:56 PM|bruce (sqlwork.com)|LINK
it would be the same issue with a plain web form. any user can modify the post data via the debugger tools. any data the user is not allowed to change should either by ignored in the post-back data or encrypted.
Oct 04, 2017 08:30 PM|asplearning|LINK
Bruce, what do you mean same issue with a plain web form? I always thought that it's safer to use .net controls running on the server compared to running on the clients. Did I misunderstand the whole thing?
Yes encryption is what comes to my mind. Just thought there may be some way around this.
Oct 06, 2017 06:19 AM|AngelinaJolie|LINK
Hi asplearning ,
Will this work with angular js too
Of course, as we know, in fact , we could use jquery in angular , but we know jqlite in angular is common ,although if we use jquery ,it doesn't effort yet, because jqlite is the sub of jquery ; so don't worry that .
With regards,Angelina Jolie