I just want to ask what would be the best way to hide sensitive data using AngularJS.

I am developing a VOD (Video On Demand) app in which I have to make movies' links hidden and not accessible by users.

For example, I get this JSON from backend using $http inside a moviesFactory:

{ "title": "movieTitle", "link": "www.some-provider-link.com/movie-link.mp4"}

And when I need to show the video, I put this JSON in my scope like that:

$scope.movie = moviesFactory.getMovie().then(callbackOk, callbackNonOk);

My problem is that, since the scope is accessible to users through Chrome extensions or even angular.element(document.getElementById('anElementId')).scope(), everyone can access my scope and see the links.

So what am I doing wrong? And how can I hide this data?

Mehdi
  • Are you returning those links to unauthenticated users? If so why not only return them when the user is authenticated? You could generate a temporary link for your authenticated users that is resolved on the server. Single page apps and authentication do require a different way of thinking than traditional server side rendered apps. – Lee Willis Aug 23 '16 at 10:48
  • Of course, only authenticated users can watch movies, and I want those authenticated users to NOT be able to see the source – Mehdi Aug 23 '16 at 10:51

1 Answer

You can't do it directly this way, because JavaScript is executed on the client side (and you do not have full control of the sources you provide to the clients).

And sharing (encrypted/obscured or not) your complete file URLs ('www.some-provider-link.com/movie-link.mp4') is NOT a good idea if you are concerned about the privacy of those files.

You should consider including some sort of authentication (like tokens) and making an API on your server that gives you all the data you need (like .mp4 files) as a stream of bytes when a user is authenticated.

illeb
  • I am already using token authentication. Only authenticated users can watch movies, and I want those authenticated users to NOT be able to see my links and then download videos directly from the provider website. What do you mean by stream of bytes? – Mehdi Aug 23 '16 at 10:44
  • I mean that your server may function as a bridge for your provider links: user A wants 'kitty meow.mp4', makes an API request to your server requiring kitty meow.mp4, and your server grabs the file from the provider and gets it back to your client (as a stream of bytes). That's all I can think of. – illeb Aug 23 '16 at 10:48
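
The bridge described in the answer and its last comment, as an added Node.js example (not code from the question or the answer): the API hands the AngularJS client an opaque id instead of `link`, and a token-checked handler streams the provider file. `CATALOGUE`, `toClientMovie`, `makeStreamHandler`, the injected `verifyToken` and `openUpstream` helpers, and the `/api/movies/...` route are assumptions made for illustration.

```javascript
// Server-side catalogue: the provider link never leaves the server.
// The id and the https:// URL are constructed sample data.
const CATALOGUE = new Map([
  ['m1', { title: 'movieTitle', link: 'https://www.some-provider-link.com/movie-link.mp4' }],
]);

// What the client receives instead of the original JSON: no "link" field.
function toClientMovie(id) {
  const movie = CATALOGUE.get(id);
  return movie ? { id, title: movie.title, stream: `/api/movies/${id}/stream` } : null;
}

// Builds a Node-style (req, res) handler. Both dependencies are hypothetical:
// verifyToken(token) resolves to true/false; openUpstream(url, range) resolves to
// { status, headers, body } with headers as a plain lower-case-keyed object and
// body as an async iterable of chunks.
function makeStreamHandler({ verifyToken, openUpstream }) {
  return async function handle(req, res) {
    const match = /^\/api\/movies\/([A-Za-z0-9_-]+)\/stream$/.exec(req.url);
    const movie = match && CATALOGUE.get(match[1]);
    if (!movie) { res.writeHead(404); return res.end(); }

    const auth = req.headers.authorization || '';
    const token = auth.startsWith('Bearer ') ? auth.slice(7) : '';
    if (!(await verifyToken(token))) { res.writeHead(401); return res.end(); }

    // Forward only Range so seeking works; the URL is resolved here, server-side.
    const upstream = await openUpstream(movie.link, req.headers.range);
    if (upstream.status !== 200 && upstream.status !== 206) {
      res.writeHead(502); return res.end(); // do not relay provider redirects or errors
    }
    // Copy an allow-list of headers; anything else could reveal the provider URL.
    const out = { 'Content-Type': 'video/mp4', 'Cache-Control': 'private, no-store' };
    for (const h of ['content-length', 'content-range', 'accept-ranges']) {
      if (upstream.headers[h]) out[h] = upstream.headers[h];
    }
    res.writeHead(upstream.status, out);
    for await (const chunk of upstream.body) {
      // Respect backpressure so a slow client does not buffer the whole file in memory.
      if (!res.write(chunk)) await new Promise((resolve) => res.once('drain', resolve));
    }
    res.end();
  };
}
```

An authenticated user still receives the video bytes through this route; what stays hidden is the provider URL.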