
I made a simple SPA with Vue.js, using Vue Router.

I wanted to prevent users from accessing a particular page by generating a complex URL:

```js
routes: [
    {
      path: '/',
      name: 'Home',
      component: Home,
    },
    {
      path: '/1B158839F8AA339E89BB50B1603E90EC68E0FD5565FE10A7CB32729FDDF7070A',
      name: 'MyHiddenPage',
      component: MyHiddenPage,
    }
]
```

I was wondering to what extent this might be secure.

In my opinion, it could be readable by a user since he has access to the entire application code. Am I correct?

Sebastien D
  • That is true. All your routes can be accessible by merely "[unminifying](https://unminify.com/)" the minified code. However, I would be interested in knowing what you would want to put in this page that you don't want people to see/access? – Rotiken Gisa Feb 03 '22 at 18:29
  • That would be a test page for some user. Ideally I should set up a password but wanted to spare some time in configuring my backend – Sebastien D Feb 03 '22 at 18:49
  • That's just [security by obscurity](https://stackoverflow.com/a/534006/10975709), you still have to protect it by other means – captainskippah Feb 03 '22 at 18:49
  • Yeah I agree, very low security level – Sebastien D Feb 03 '22 at 18:53
  • SebastienD Got you. You might have to end up setting up the backend authentication because as pointed out by @doesnotmatter, it is a matter of when, not if, that a person finds out the page. As to what extent? Depends on how determined and skilled the attacker/intruder is. However, in most cases it is just a matter of unminifying the code before knowing everything that happens in an SPA or any other JavaScript application. So I would say it is not safe at all. I have a cyber security background and security by obscurity is often equated with having no security at all. – Rotiken Gisa Feb 03 '22 at 20:19
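
The point made in the comments, that every route ships to the browser inside the bundle, can be checked against your own build output. The following is an added example, not code from the question or from Vue Router: it pulls `path` literals out of bundle text and flags token-like segments. `SAMPLE_BUNDLE`, `findRoutePaths` and `auditRoutes` are hypothetical names, and the sample bundle is constructed for illustration.

```javascript
// Added example: audit built SPA code for route paths that every visitor receives.
// SAMPLE_BUNDLE is constructed to mimic minified router output; it is not a real build.
const SAMPLE_BUNDLE =
  'const r=[{path:"/",name:"Home",component:a},' +
  '{path:"/1B158839F8AA339E89BB50B1603E90EC68E0FD5565FE10A7CB32729FDDF7070A",' +
  'name:"MyHiddenPage",component:b},' +
  "{path:'/about',name:'About',component:()=>import('./About.js')}];";

// Shannon entropy in bits per character, used to spot random-looking segments.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

// Extract every `path: "..."` literal, whether or not the source is minified.
function findRoutePaths(source) {
  const re = /\bpath\s*:\s*(["'`])(\/[^"'`]*)\1/g;
  const paths = new Set();
  for (const m of source.matchAll(re)) paths.add(m[2]);
  return [...paths];
}

// Flag paths with a long, high-entropy segment: a token standing in for access control.
// The thresholds are assumptions chosen for this example.
function auditRoutes(source, { minLength = 24, minEntropy = 3.0 } = {}) {
  return findRoutePaths(source).map((path) => {
    const obscured = path
      .split("/")
      .some((seg) => seg.length >= minLength && entropy(seg) >= minEntropy);
    return { path, obscured };
  });
}

for (const { path, obscured } of auditRoutes(SAMPLE_BUNDLE)) {
  console.log(obscured ? "EXPOSED (relies on obscurity):" : "public:", path);
}
```

Any route this flags is readable by every visitor, so the data behind it needs the backend authentication the comments recommend.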

0 Answers