Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Routing security flaw in Angular/MEAN.io?

Tags:

javascript

angularjs

node.js

express

mean.io

I just installed the MEAN stack (MongoDB, Express.js, AngularJS, Node.js) and opened up the example program (as found on mean.io) and they have a basic app that you can login to and create blog "articles" just for testing and such.

Anyway, I removed the '#!' from the URL and it outputted the entire user and article models as they are in the database. It seams as though doing that made it stop routing through Angular and instead used the Express routes which are just JSON REST apis. Is this a flaw in the MEAN stack package, Angular as a whole, or maybe just a development environment setting? I can't imagine that this would be released with a huge flaw like that but maybe I'm just missing something..

Replicateable steps:

  • Follow installation instructions on http://mean.io
  • Goto your local app in the browser and create an account and login
  • Create an article
  • View the article item you just created and remove the #!/ from the URL, you then see the JSON object of your logged in user account complete with hashed password and salt, as well as the article object.
like image 555
ABlankenship Avatar asked Sep 29 '13 07:09

ABlankenship

People also ask

What is mean by routing in angular?

Routing in Angular allows the users to create a single-page application with multiple views and allows navigation between them. Users can switch between these views without losing the application state and properties.

What are the types of routing in angular?

Angular Router supports multiple outlets in the same application. A component has one associated primary route and can have auxiliary routes. Auxiliary routes enable developers to navigate multiple routes at the same time.

Should I add angular routing?

At the basic level, routing allows angular to display different "pages" or components. You probably want to have it, if you want to navigate across pages in your application. It shouldn't hurt anything if you add it, but don't use it.

2 Answers

Its just an app configuration. If you change the routes.js from: 

app.get('/articles', articles.all);

to 

app.get('/articles', auth.requiresLogin, articles.all);

Then if you try and hit the url /articles directly you get the message:

"User is not authorized"

Instead of JSON listing all the articles.

like image 193
inic Avatar answered Oct 22 '22 08:10

inic

As you say, removing the #! causes the routing to be handled by the server. The node API then dumps the user object in the response.

The problem is completely independent from Angular - the app is only served by Node at the / route. Angular then uses the hash value to show the correct page.

This is probably just a problem with the example provided by MEAN. The app itself is insecure, when they talk about best practices that refers to the code structure and setup rather than the quick demo.

You could ask them about it, since there will probably be people who build on top of the example and don't fix the security issues.

like image 21
Matt Zeunert Avatar answered Oct 22 '22 08:10

Matt Zeunert
Sign in to Comment

Related questions

javascript regex that gets all subdomains
Why does the alert coming from my loop always return the last value, not each iteration value? [duplicate]
How can I prevent CSS pseudo elements from disappearing during an animation?
How were livicons made?
jQuery extend overwrites wrong values
chrome.storage.sync doesn't sync between machines
read out KML FIle with Javascript
ExtJS 4.1 load content from external web page
How to handle requireJs timeout error?
Angular : src attribute bug in Iframe directive
Ensuring one AngularJS controller loads before another
Is it bad practice to have a switch case in a switch case?
jquery text() not comparing to string
Case-insensitive wrap substring with tags
Convert function source code to a string in NodeJS/JavaScript
How to check if an element with id exists or not in jQuery?
Is there a way to move an element outside of its parent with jquery?
jquery get only first checkbox of a tr
Submit form with Javascript doesn't work
Insert javascript variable as background image source

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!