search

NorikDavtian / ng-store

A take on AngularJS and FireBase shopping cart project built for front and admin SPA app development Demo: https://ng-store.firebaseapp.com/
Other
41 stars 16 forks source link

How do you guard against cart manipulation? #2

Closed robconery closed 8 years ago

robconery commented 8 years ago

Fascinating project - but with the data stored locally (it seems) I can't see how it's possible to avoid cart manipulation. Even if it's stored on Firebase - a clever person would be able to update their cart directly from the command line.

What types of lock-down would you suggest?

screen shot 2015-11-09 at 11 33 26 am

NorikDavtian commented 8 years ago

Hey @robconery ,

Thanks... You are right. The only way to mitigate any sort of cart manipulation is to have a backend that would be able to validate and handle the logic. This approach is not answer it all kind of solution, rather than just a simple starting point tutorial.

Also, firebase provides read write permissions on data not covered here, but it is worth checking it out if you are looking to continue this further.

I should also update this with latest version of Angular and Firebase too.

robconery commented 8 years ago

Yeah I've been looking at it a lot - it's a bit limited in this regard. There's not much you can do to get away from the need for a server... which is a bummer :(.