I'm starting with AngularJS and Rest (Java JAX-RS) and I have a question.
The functions responsible for Rest requests are easily viewed via the right-click browser Exibir código fonte da página
.
So, anyone in possession of this can access all the information available through the service, even if the Rest server needs authentication, since the user will be aware of all the data ...
$http({
method: 'POST',
url: "http://meudominio.com:8080/Integracao/rest/produtos",
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
transformRequest: function(obj) {
var str = [];
for(var p in obj)
str.push(encodeURIComponent(p) + "=" + encodeURIComponent(obj[p]));
return str.join("&");
},
data: {
login: "login",
senha: "senha"
}
}).success(function (response) {
console.log("rest: "+response.response);
});
In the example above, a user would have access to URL, login and password.
Is there any way to hide it?