Prevent the access to home.html if user is not logged in. about end-to-end-with-angularjs HOT 9 CLOSED

Hey @FWeinb, thanks for watching. My intent with this wasn't to be exhaustive in my approach to security, and in fact you would most likely want to avoid the XHR to home.html and instead precompile your angular templates into the JavaScript source using something like grunt-angular-templates to avoid extra network latency.

Your point still stands that any reasonable access control in a client-side app should be handled with both server and client; I made a conscious choice not to talk too much about security in the screencast as it would have added to the time significantly.

from end-to-end-with-angularjs.

Yeah. But by building such a login form some people might thing that this approche would be secure.
Talking about a AuthenticationService kinda implies some kinda of security.

Precompiling these templates would make a lot of sense too.
I am curious to see more of these Screencasts.
Laravel looks great to. Awesome to get an insight on how much php has improved lately.

from end-to-end-with-angularjs.

Yes, I actually had a note in my screencast script to talk about security and that this code is not very robust at the moment, but I became wary of how long it was already :)

Another thing to keep in mind is the interplay between the HTTP 401 interceptor we built and API data driven views; in my experience implementing single page apps most of the "pages" have some API request attached to them such that if a user wasn't authenticated they would get a 401 from the server and the client app would log them out.

I agree with you on Laravel 4, I was pleasantly surprised at how nice it was; closures and anonymous functions in particular are really nice features in the latest releases of PHP.

The next screencast in this series will look at taking everything we've built so far and working with the idea of how to treat your client-side code as a "first class" application, that has a separate codebase from your server component... and how to manage development and deployment in such a scheme. I'll be showcasing a tool called Lineman. If you are interested in pre-compilation and such I have a Lineman-Angular-Template created that we'll be using in the next screencast; feel free to take a sneak peek :)

from end-to-end-with-angularjs.

I also added some relevant security links in the bitly bundle from the video description: http://bitly.com/bundles/dmosher/5

from end-to-end-with-angularjs.

Great. Never used Lineman before. I am using yeoman (including bower and grunt) for that.
Looking forward to the next screencast.

from end-to-end-with-angularjs.

Cool, Lineman is like a smaller, lighter version of yeoman. We use grunt internally for task management, and there is a small CLI wrapper for running in dev mode and building production assets. You can also use bower with Lineman as well; there are a couple of differences that I'll highlight in the screencast :)

from end-to-end-with-angularjs.

Awesome! I will definitely look into Lineman! Can't wait to build things with AngularJS!

On Wed, May 22, 2013 at 7:40 PM, David Mosher [email protected]
wrote:

Cool, Lineman is like a smaller, lighter version of yeoman. We use grunt internally for task management, and there is a small CLI wrapper for running in dev mode and building production assets. You can also use bower with Lineman as well; there are a couple of differences that I'll highlight in the screencast :)

Reply to this email directly or view it on GitHub:
#1 (comment)

from end-to-end-with-angularjs.

Hey @FWeinb, I was just wondering if you'd had a chance to watch Security with Angular JS yet and if you think it covers enough of the security issues you were concerned about?

from end-to-end-with-angularjs.

Yeah. I liked it alot! Great work! Will close this issue now. Thanks!

from end-to-end-with-angularjs.