0

Can I keep passwords secure from other programmers when using (minified) JavaScript Ajax jQuery? More specifically, when debugging with tools like Firebug, can I keep passwords (even encrypted) from others?

Here's a scenario: I build an XML doc (server side) and pass it to my jQuery/Ajax controller. Who's to say someone won't set a breakpoint in Firebug, copy and paste the encrypted userID, encrypted password and send their own request to the original URL?

Yes, I can do all of this server side. My question is, can I do it client side?

Let's face it, peeps, when people want "secure" data these days, who are we defending ourselves from... other programmers.

Luv y'all though.

1
  • You could make the login/password very secure on the client side from 95% of users, and very easy to get for web developers... I think you think you already know this though. Commented Jan 11, 2013 at 3:29

1 Answer

1

No, you can't. You can only make it difficult to crack. This is the essential problem with DRM schemes:

They aim to control the content on the client from the client.

That said, unless you are trying to implement a DRM scheme, there is no need to compromise security. That is because authorization, authentication and validation should always happen on the server (or also on the server.)

The only credentials the client needs are its own credentials, and since the client needs them to log in and already has them, this is not a security problem.

Any credentials which would allow the client to go beyond her permission must remain in the server.

The server uses these credentials, on behalf of the client, only after proper authentication of the client and authorization of action.

Any architecture that passes credentials to the client and relies on client side obfuscation to maintain security is flawed.
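The arrangement described in the answer above, as an added example that is not part of the original answer: Node.js code in which the privileged credential never leaves the server, and every request is authenticated and authorized server-side before that credential is used. All names and values (`BACKEND_API_KEY`, `handleRequest`, the users and document ids) are constructed for illustration.

```javascript
// Added example (Node.js, built-in crypto only). All names and values are constructed.
const crypto = require('crypto');

// Privileged credential for the backend: lives only in server memory/config.
const BACKEND_API_KEY = 'constructed-backend-key';

const hash = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const users = new Map();    // username -> { salt, pwHash, mayRead }
const sessions = new Map(); // opaque session token -> username

function addUser(name, pw, mayRead) {
  const salt = crypto.randomBytes(16);
  users.set(name, { salt, pwHash: hash(pw, salt), mayRead });
}

// Authentication: the client presents only its own credentials.
function login(name, pw) {
  const u = users.get(name);
  if (!u || !crypto.timingSafeEqual(hash(pw, u.salt), u.pwHash)) return null;
  const token = crypto.randomBytes(32).toString('hex');
  sessions.set(token, name);
  return token;
}

// Stand-in for the privileged backend call made on the client's behalf.
function backendFetch(apiKey, docId) {
  if (apiKey !== BACKEND_API_KEY) throw new Error('backend rejected key');
  return { docId, body: `contents of ${docId}` };
}

// Every request is re-checked on the server; nothing secret is returned.
function handleRequest(token, docId) {
  const name = sessions.get(token);
  if (!name) return { status: 401 };                                    // not authenticated
  if (!users.get(name).mayRead.includes(docId)) return { status: 403 }; // not authorized
  return { status: 200, data: backendFetch(BACKEND_API_KEY, docId) };
}

addUser('alice', 'alice-pw', ['doc-a']);
addUser('bob', 'bob-pw', ['doc-b']);
```

Anything a developer can copy out of the browser here is that user's own session token, which carries no more permission than the user already has.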
