I'm learning Angular and SPA's in general and I hope someone can provide me some guidance and educate me on this particular topic.
For an Angular app in development, I am aware that we are able to select a Component in order to access its state/properties and methods using ng.getComponent(component)
whereby ng is accessible at the global scope.
As far as I am aware, the **ng ** namespace is not available during production.
Are there other ways that end users would be able to access and thereby change an Angular application's state in production?
If so, how are we able to protect our application's state?
Thank you in advanced.
CodePudding user response:
You cannot change a component state through the browser after it have being compile in production mode.
Extras
To get a bit further, and also to give responses to the main comments
You can try to protect the front-end the way you want, fact is, that doesn't matter.
A hacker won't be changing the ui, but the request he send to the server. at some time in an e-commerce, you'll have to send to request to the server, which will then be taken by your api which will deal with those information.
The only data that should transit should be the token of the user & the id of the item/s the user want to buy. The api should calculate the rest, so basically, you will have to do the calculation 2 times, 1. in the front (I would request the API to send me the total amount) and 1 in the backend.