1
I’m creating a system using MEAN Stack and I came up with a question ..
My angular client application requests the ex api: POST http://127.0.0.1/api/product
If some malicious user found the url of the api he could post without going through the client of my application for example, is there any way to avoid/circumvent it ? Like making requests for my api only from the client I allow ?
1
Check how the authentication standard works Oauth2, is the most widely used solution to ensure access to your resources in a secure manner.
I looked into Oauth. From what I understand, it serves to authenticate a user in the application, with this authentication I would do a permissions control for certain system functionalities ? That’s how it would work ?
Exactly, that’s the way it is!
Thank you Felipe, I will study more in depth this issue of Oauth.
Browser other questions tagged angularjs node.js rest mongodb mean
You are not signed in. Login or sign up in order to post.
Usually you create a hash that works only for that session, only it implies not letting your Restful application which is the default that prevents you from having any session control
– Sorack