I've been trying to see how to properly protect important content that's passed in ajax calls with java script. Considering JavaScript can be viewed at any point, it is inevitable that some of your ajax parameters will be exposed as well. I know for a fact that obfuscation serves no purpose and protecting web content should be done on the server side. My question today is: is there a known method for creating a layer of protection on the server side of things? Please bare with the lack of knowledge in this matter...
Asked
Active
Viewed 734 times
-1
-
It is unclear why HTTPS is not sufficient. – rook Dec 17 '13 at 00:49
2 Answers
0
As Rook's comment mentioned, using HTTPS will protect your authenticated users from men in the middle reading their sensitive data.
You will need a log in system to authenticate your users. Once a user is authenticated, you can send them sensitive data over HTTPS only.
You are absolutely right about obfuscating your javascript not being a security feature.
actual_kangaroo
- 116
- 1
-
I'm going to be looking into this. I didn't occur to me to apply HTTPS. Thanks! – Dimitri Dec 17 '13 at 03:02
0
You have to treat everything received over the net as untrusted. If there's any part of "everything" and "untrusted" that is unclear to you, take a course in simple English.
There's no general methodology to converting untrusted content into trusted content.
ddyer
- 1,974
- 1
- 12
- 20