0

I am designing a portal where I have to send requests to the server and get a response from it. Since I'm writing the entire code in JavaScript [AJAX], it's hard to safeguard the URLs which I'm using. Right click --> view page source will make the entire script, URLs naked!

I know it's impossible to protect your code 100% by writing in JavaScript. Is there any other way to do it? Any other language?

1
  • 4
    Yes, you sanitize user input and add validation in the back-end, then you're safe. Commented Apr 4, 2013 at 11:41

2 Answers

4

No. You cannot keep the communication between the user's browser and your server secret from the user.

If you don't want the user to know something, don't let the browser know it either.


3 Comments

How do Facebook, Twitter do it??
@Fabrício Matté: I'm doing it. We are doing Google authentication. It's safe, but still the URL to the server is naked even after the authentication. If a hacker can get to the server, he might probably need 15-20 mins to ruin the entire architecture :) I'm concerned about that!
Facebook and Twitter don't keep the data they send to browsers secret from users. They authenticate users and reject requests for things that the user is not authorised for.
0

Anything that offers a public API needs to be absolutely paranoid about not only authenticating each request, but also ensuring that the authenticated user has the necessary authorisation to perform the request.

e.g. DELETE /file/4

  1. You must make sure you have authenticated the person making the request.
  2. You must make sure the user is authorized to perform DELETE operations.
  3. You must make sure the user owns file 4.

Even if you expect your own website to be the only consumer of your API and you're not going to publicise it or document it, you have still implicitly made it public.
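
The three checks listed above for `DELETE /file/4`, written as a server-side handler; this is an added example, not code from the original answer. The session store, tokens, permission names and file records are constructed for illustration, and answering 404 for a file the caller does not own is an assumed design choice.

```javascript
// Constructed sample data (hypothetical names): session token -> user
const sessions = new Map([
  ["tok-alice", { id: 1, permissions: ["file:read", "file:delete"] }],
  ["tok-bob",   { id: 2, permissions: ["file:read", "file:delete"] }],
  ["tok-carol", { id: 3, permissions: ["file:read"] }],
]);
// Constructed sample data: file id -> record
const files = new Map([[4, { ownerId: 1, name: "report.pdf" }]]);

// Handles a request object { method, path, headers } and returns an HTTP status.
// Every decision is made on the server; nothing relies on the URL being secret.
function handleRequest(req) {
  const match = /^\/file\/(\d+)$/.exec(req.path);
  if (req.method !== "DELETE" || !match) return 404;

  // 1. Authentication: who is making the request?
  const auth = (req.headers && req.headers.authorization) || "";
  const user = sessions.get(auth.replace(/^Bearer /, ""));
  if (!user) return 401;

  // 2. Authorization: may this user perform DELETE operations at all?
  if (!user.permissions.includes("file:delete")) return 403;

  // 3. Ownership: does this user own this particular file?
  const id = Number(match[1]);
  const file = files.get(id);
  // Same answer for "missing" and "not yours", so file ids cannot be probed.
  if (!file || file.ownerId !== user.id) return 404;

  files.delete(id);
  return 204;
}

// Read-only demo calls: each is rejected before anything is deleted.
const del = (token) => ({
  method: "DELETE",
  path: "/file/4",
  headers: token ? { authorization: "Bearer " + token } : {},
});
console.log(handleRequest(del(null)));        // 401: not authenticated
console.log(handleRequest(del("tok-carol"))); // 403: no delete permission
console.log(handleRequest(del("tok-bob")));   // 404: authenticated, but not the owner
```
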
