Comments (9)
Hey @FWeinb, thanks for watching. My intent with this wasn't to be exhaustive in my approach to security, and in fact you would most likely want to avoid the XHR to home.html and instead precompile your angular templates into the JavaScript source using something like grunt-angular-templates to avoid extra network latency.
Your point still stands that any reasonable access control in a client-side app should be handled with both server and client; I made a conscious choice not to talk too much about security in the screencast as it would have added to the time significantly.
from end-to-end-with-angularjs.
Yeah. But by building such a login form some people might think that this approach would be secure.
Talking about an AuthenticationService kinda implies some kind of security.
Precompiling these templates would make a lot of sense too.
I am curious to see more of these Screencasts.
Laravel looks great too. Awesome to get an insight on how much PHP has improved lately.
from end-to-end-with-angularjs.
Yes, I actually had a note in my screencast script to talk about security and that this code is not very robust at the moment, but I became wary of how long it was already :)
Another thing to keep in mind is the interplay between the HTTP 401 interceptor we built and API data driven views; in my experience implementing single page apps most of the "pages" have some API request attached to them such that if a user wasn't authenticated they would get a 401 from the server and the client app would log them out.
I agree with you on Laravel 4, I was pleasantly surprised at how nice it was; closures and anonymous functions in particular are really nice features in the latest releases of PHP.
The next screencast in this series will look at taking everything we've built so far and working with the idea of how to treat your client-side code as a "first class" application, that has a separate codebase from your server component... and how to manage development and deployment in such a scheme. I'll be showcasing a tool called Lineman. If you are interested in pre-compilation and such I have a Lineman-Angular-Template created that we'll be using in the next screencast; feel free to take a sneak peek :)
from end-to-end-with-angularjs.
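An added example, not part of the original thread or the screencast's code: a plain JavaScript simulation of the point discussed above, that a client-side login flag is only a UI hint while the server's 401 response, handled by an interceptor, decides what data is returned. The names `apiHandler`, `createClient` and `/api/home`, and the session id, are hypothetical.

```javascript
// Added illustration; apiHandler, createClient and /api/home are hypothetical names.

// --- Server side: the only place access control is actually enforced. ---
const serverSessions = new Set(['sess-valid-123']); // constructed sample session id

function apiHandler(request) {
  // The decision uses server-held session state, never a client-supplied flag.
  if (!serverSessions.has(request.sessionId)) {
    return { status: 401, body: { error: 'unauthenticated' } };
  }
  return { status: 200, body: { secret: 'data for authenticated users' } };
}

// --- Client side: auth state is a UI hint that anyone can edit in devtools. ---
function createClient(sessionId) {
  const state = { isLoggedIn: Boolean(sessionId), sessionId, route: '/home' };

  // Same role as a 401 response interceptor: any API call that comes back
  // 401 clears the local auth state and routes the user to the login view.
  function on401(response) {
    if (response.status === 401) {
      state.isLoggedIn = false;
      state.sessionId = null;
      state.route = '/login';
    }
    return response;
  }

  function loadView(path) {
    // The template may be public; the data behind it is not.
    const response = on401(apiHandler({ path, sessionId: state.sessionId }));
    return response.status === 200 ? response.body : null;
  }

  return { state, loadView };
}

// A client whose login flag was flipped by hand, with no server session.
function tamperedClientDemo() {
  const client = createClient(null);
  client.state.isLoggedIn = true;            // client-side check now passes
  const data = client.loadView('/api/home'); // server still answers 401
  return { data, state: client.state };
}

// A client that holds a real server-side session.
function validClientDemo() {
  const client = createClient('sess-valid-123');
  return { data: client.loadView('/api/home'), state: client.state };
}
```
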
I also added some relevant security links in the bitly bundle from the video description: http://bitly.com/bundles/dmosher/5
from end-to-end-with-angularjs.
Great. Never used Lineman before. I am using yeoman (including bower and grunt) for that.
Looking forward to the next screencast.
from end-to-end-with-angularjs.
Cool, Lineman is like a smaller, lighter version of yeoman. We use grunt internally for task management, and there is a small CLI wrapper for running in dev mode and building production assets. You can also use bower with Lineman as well; there are a couple of differences that I'll highlight in the screencast :)
from end-to-end-with-angularjs.
Awesome! I will definitely look into Lineman! Can't wait to build things with AngularJS!
On Wed, May 22, 2013 at 7:40 PM, David Mosher wrote:
> Cool, Lineman is like a smaller, lighter version of yeoman. We use grunt internally for task management, and there is a small CLI wrapper for running in dev mode and building production assets. You can also use bower with Lineman as well; there are a couple of differences that I'll highlight in the screencast :)
from end-to-end-with-angularjs.
Hey @FWeinb, I was just wondering if you'd had a chance to watch Security with Angular JS yet and if you think it covers enough of the security issues you were concerned about?
from end-to-end-with-angularjs.
Yeah. I liked it a lot! Great work! Will close this issue now. Thanks!
from end-to-end-with-angularjs.