Currently I’m looking at making my next project with Ionic. Basically it’s a simple app with mostly data retrieval from an API (probably Azure or PHP REST), but I want to add a user component to add/update information and make the app itself also available on the web. Now I know that all of the Ionic code will then be available in the source code of my webpage, so I need to make sure the users cannot simply bend my app to change or remove database entries.
Possible modules to use are https://github.com/TerryMooreII/angular-azure-mobile-service and https://github.com/rheckart/angularjs-service-azuremobileservices
One of the solutions I’ve read about on the web is using OAuth to register and log in my users. By using that token I know who’s who and thus who can make what database calls. Another would be to use PHP to sign my users in and provide a custom login, or use NodeJS as a backend.
But since I’m using Angular for my client-side rendering, I need to make sure this is a safe way of doing things. Now I’m not really experienced with OAuth or NodeJS, so there will be lots of trial and error on that part but if it can easily be modified to break my app or my database.
So in short: will using OAuth provide my app with enough protection to implement a user service and enable me to also run this as a website? Or do I need to rely on modifications (for either mobile or the web version) to increase protection and prevent abuse?
It’s not that I’m making an app that needs to be bulletproof. I’m not dealing with payments and not dealing with other sensitive data, but I don’t want my app to break by some script kiddie all because I wasn’t aware of the possible security breach.
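
The server-side enforcement the question turns on, as an added example that is not part of the original post: the caller's identity comes from a signed token and every write is authorized on the server, so editing the public client code changes nothing. The HMAC-signed token stands in for an OAuth access token, and `issueToken`, `verifyToken`, `updateEntry` and the in-memory `entries` map are hypothetical names with constructed sample data.

```javascript
const crypto = require('node:crypto');

// Assumption: this secret exists only on the server, never in the Ionic bundle.
const SERVER_SECRET = crypto.randomBytes(32);

const sign = (payload) =>
  crypto.createHmac('sha256', SERVER_SECRET).update(payload).digest();

// Issue a signed token after a successful login (stand-in for an OAuth access token).
function issueToken(userId, ttlSeconds = 3600, now = Date.now()) {
  const claims = { sub: userId, exp: now + ttlSeconds * 1000 };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${payload}.${sign(payload).toString('base64url')}`;
}

// Return the user id if the token is authentic and unexpired, otherwise null.
function verifyToken(token, now = Date.now()) {
  const [payload, sig] = String(token).split('.');
  if (!payload || !sig) return null;
  const expected = sign(payload);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
    return typeof claims.sub === 'string' && claims.exp > now ? claims.sub : null;
  } catch {
    return null;
  }
}

// Constructed sample data standing in for the database.
const entries = new Map([
  [1, { owner: 'alice', text: 'first entry' }],
  [2, { owner: 'bob', text: 'second entry' }],
]);

// The owner is taken from the verified token, never from a field the client sends.
function updateEntry(token, entryId, newText) {
  const userId = verifyToken(token);
  if (!userId) return { status: 401 };            // not logged in or forged token
  const entry = entries.get(entryId);
  if (!entry) return { status: 404 };
  if (entry.owner !== userId) return { status: 403 }; // someone else's entry
  if (typeof newText !== 'string' || newText.length > 500) return { status: 400 };
  entry.text = newText;
  return { status: 200 };
}
```

The same checks apply unchanged whether the request comes from the mobile build or the web build, because neither client is trusted to make the decision.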