2

I have div1 and div2. If a user is admin I want him to see both of them. If a user is a simple user, I want him to see only div2.

I used ng-if (because it removes the div completely, and not using display:none). Is it safe? Can it be intercepted and/or changed by proxy tools and/or Chrome developer tools? I didn't find any info on that.

2 Answers

9

Since all AngularJS code is client side, directives like ng-if will not protect you from proxy tools that target HTTP.

So, it depends what you mean by safe. If you are providing sensitive information from the server, then no UI pattern/tool will secure that information.

Usually in SPA applications, security is applied to the server API that the client is speaking to. The UI should be treated as under the control of the user.

2
  • And if the website is running SSL?
    – HS1
    Commented Apr 29, 2014 at 11:24
  • 1
    SSL terminates at the browser. So it helps with Man-in-the-middle and proxy tools, but if somebody opens the JS console in the browser they have access to all the data. So, it is best not to send it if you don't need it. Commented Apr 29, 2014 at 11:28
0

If I exclude the security discussion/consideration, I would prefer to use ng-show instead. I will introduce relevant modal properties in the AngularJS controller and show/hide based on them in the HTML page.

Yes, the client-side code can be investigated, say, using Chrome developer tools, Firebug, etc.

I second @Davin Tryon's suggestion, and say that it is better to secure contents on the server side.

3
  • You can show/hide based on controller properties for ng-if, so I don't see a difference in that respect. Commented Apr 29, 2014 at 11:40
  • 1
    Intrinsic? ng-if happens during the link phase, ng-show adds and removes CSS. ng-if can be much, much better if you have many DOM elements because it will not link them. This will speed up render time greatly. Commented Apr 29, 2014 at 11:46
  • True, I agree with you. Commented Apr 29, 2014 at 11:50
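
Both answers recommend enforcing access on the server rather than in the template. The following is an added example, not code from either answer: a framework-neutral Node.js handler in which the data behind div1 is only returned to admins, so ng-if becomes a display hint and nothing more. The names `SESSIONS`, `ROUTES`, `handleRequest`, `sessionInfo`, the `/api/div1` and `/api/div2` paths and the tokens are hypothetical.

```javascript
// Constructed sample session store: token -> user record held on the server.
const SESSIONS = new Map([
  ['tok-admin', { name: 'alice', role: 'admin' }],
  ['tok-user', { name: 'bob', role: 'user' }],
]);

// Each API route declares which roles may read the data behind it.
const ROUTES = {
  '/api/div2': { roles: ['admin', 'user'], body: () => ({ items: ['shared report'] }) },
  '/api/div1': { roles: ['admin'], body: () => ({ items: ['admin-only report'] }) },
};

// Takes the request path and headers, returns a status code and a JSON body.
function handleRequest({ path, headers = {} }) {
  const route = ROUTES[path];
  if (!route) return { status: 404, body: { error: 'not found' } };

  // The role comes from the server-side session lookup only. Anything the
  // client sends about its own role (headers, body fields) is ignored,
  // because the browser and any proxy in front of it are user-controlled.
  const match = /^Bearer (\S+)$/.exec(headers.authorization || '');
  const user = match ? SESSIONS.get(match[1]) : undefined;
  if (!user) return { status: 401, body: { error: 'unauthenticated' } };

  if (!route.roles.includes(user.role)) {
    return { status: 403, body: { error: 'forbidden' } };
  }
  return { status: 200, body: route.body() };
}

// What the AngularJS controller may bind to ng-if="isAdmin": a rendering
// hint. Flipping it in the console only reveals an empty div1, since the
// request for its contents is still refused above.
function sessionInfo(token) {
  const user = SESSIONS.get(token);
  return user ? { name: user.name, isAdmin: user.role === 'admin' } : null;
}
```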
