Secure communications


#1

Hello all!
I have a question: does anyone have experience with secure http/https calls from an angular app to the server?
How would one implement such a thing? Is there something out there written specifically for angularjs? Maybe crypto.js angular wrapper?

Thanks!


#2

You just make sure your endpoints are using ‘https://’. I generally have an apiUrl var so that I can switch between my local host and my server. Then for all my resource declarations I use apiUrl + ‘/path/to/my/endpoint’ as my url.
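An added example, not part of the original post: one way to keep the apiUrl pattern from #2 while refusing to send a request over plain http to anything other than the local machine. The names `API_URLS`, `endpoint`, `isAllowedUrl` and `httpsOnlyInterceptor`, and the sample hosts, are assumptions for illustration; the interceptor follows the shape of an AngularJS `$http` request interceptor (an object with a `request(config)` function).

```javascript
// Constructed sample values: switch between local development and the server.
const API_URLS = {
  local: 'http://localhost:3000',
  production: 'https://api.example.com'
};

// Plain http is tolerated only for the developer's own machine.
const LOCAL_HOSTS = ['localhost', '127.0.0.1'];

// True when the absolute URL is https, or http to a local host.
function isAllowedUrl(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return false; // not an absolute URL, or unparsable
  }
  if (parsed.protocol === 'https:') return true;
  return parsed.protocol === 'http:' && LOCAL_HOSTS.includes(parsed.hostname);
}

// Build apiUrl + '/path/to/my/endpoint' and fail loudly on an insecure base.
function endpoint(apiUrl, path) {
  const url = apiUrl.replace(/\/+$/, '') + '/' + path.replace(/^\/+/, '');
  if (!isAllowedUrl(url)) {
    throw new Error('Refusing non-HTTPS endpoint: ' + url);
  }
  return url;
}

// Second line of defence: check every outgoing request that names a scheme.
// Relative URLs (templates, same-origin calls) inherit the page's scheme,
// so they pass through untouched.
const httpsOnlyInterceptor = {
  request(config) {
    const hasScheme = /^[a-z][a-z0-9+.-]*:/i.test(config.url);
    if (hasScheme && !isAllowedUrl(config.url)) {
      throw new Error('Blocked insecure request to ' + config.url);
    }
    return config;
  }
};
```

In an AngularJS app the interceptor object would be returned from a factory and pushed onto `$httpProvider.interceptors`; the page itself still has to be served over https for any of this to matter.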


#3

When sending sensitive information, do you recommend encrypting the request body using something like crypto.js?


#4

I guess you could. The only scenario I could think of where it would help would be if someone had a MITM, but if they have that, it would only serve to set the bar a tad bit higher, since they could easily just send you modified JavaScript that gives them a way to decrypt everything. The only thing it would really do is slow down your communications, because https already encrypts the body, and if that is compromised it’s trivial to also compromise your JS crypto. It might make it harder for someone trying to reverse engineer your app, but it would just add time to the process; it would by no means stop anyone who is dedicated at all.

May I ask who/what you are trying to defend against? A proper https setup should be perfect for most things. Check your server with https://www.ssllabs.com/ssltest/ if you want to make sure you're doing things right.


#5

Actually, I am trying to defend against our Information Security Office! :blush:
So it is more of an internal policy thing.