Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How safe are angular route guards? [duplicate]

Tags:

node.js

typescript

angular

mongodb

angular-router-guards

I'm making an online store, and there's an administration part from where you can track orders and modify them.

It is protected by authentication, which is done on a node server, passwords is hashed into DB etc. but I'm worried about the route guard still being bypassed.

like image 878
Simeon Nakov Avatar asked Nov 30 '17 15:11

Simeon Nakov

People also ask

Can we use multiple guards in Angular?

We can use multiple route guards and then the route will only be accessible when all route guards return true. That's it!

Which route Guard is helpful in preventing unauthorized access to a component?

That is called AuthGuard. AuthGuard is used to protect the routes from unauthorized access.

1 Answers

You should be worried.

Route guards provide exactly zero security, like anything else that you implement on the client side. Things you implement on the client side can only be for the users convenience, but not for security.

You need to enforce security on the server side.

like image 81
Günter Zöchbauer Avatar answered Sep 17 '22 13:09

Günter Zöchbauer
Sign in to Comment

Related questions

Nodejs mssql ConnectionError: Login failed for user ' '
When to close Database with node-sqlite3 and express?
node.js api gateway implementation and passport authentication
Transform JSX to JS using babel
Node express HTML to PDF
Does package-lock.json need to be versioned in git?
Getting information from the Moodle API as a student
Get the list of connected users/client in Socket.io
Docker node alpine 8 Segmentation fault (core dumped)
npm WARN checkPermissions Missing write access
Sequelize 4.3.2 n:m (many-to-many) association: Unhandled rejection SequelizeEagerLoadingError
Discord <@!userid> vs <@userid>
Mongoose changes password every time I save with pre-save hook
Express middleware error handler
Can't connect to Node.js inspector on exposed Docker container port
Discord.js setGame() not working anymore
What is the javascript `_|_`?
Slack API - chat.update : "message_not_found"
LocalStrategy is not a constructor
How do I use `fs.readFile` to read an HTML file in Node.js?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!