Do I need Backend-for-Frontend if I am using a framework like Angular

Issue

I am using Angular for my frontend application, there is an already established backend service which I am using to retrieve data. I have no control over that backend service, it is more like a legacy system that is still in use.

I also implemented a middleware backend with Nest.js to make sure the application is secure, I did not want to expose data or implementation logic on frontend side of the application. However I think it might be unnecessary to include a middleware backend service since Angular is a well established framework, is there a way I can achieve the same level of security by using Angular instead of Nest.js?

Also I am new to the backend technologies and application security subjects, if you could provide the links for necessary information I would really appreciate that.

Solution

To answer your question, you cannot secure your backend code using a front-end framework/library. What if I use postman to get the data ? You secured your API in angular, since I’m not using Angular this leads to data leakage. If you have to secure your API you should do it in your backend technology either nest.js or express.js. Better safe than sorry!

Answered By – Arokia Lijas

Answer Checked By – Pedro (AngularFixing Volunteer)

Leave a Reply

Your email address will not be published.