Reputation: 15925
Security for JSONP
How would I secure JSONP data, so only certain people can access the data?
Upvotes: 1
Views: 492
Answers (2)
Reputation: 60580
One of the more common approaches is to generate an API key for each of those certain people, which basically acts as a username/password combination. If you look at how popular APIs like Twitter work, you'll see that mechanism in action.
A large advantage that comes with using a authentication token that's separate from the user's regular authentication is that it can't be used to fully compromise their account. So, if someone gains unauthorized access to the key, they can simply log in and request that their key be regenerated.
Upvotes: 2
Reputation: 2468
On a web application, JSON data gets transmitted with the usual HTTP request stack. As such, you'd need a HTTPS connection to have assurance the data wasnt evesdropped. If you're after securing the server-side database, this is a different question.
Upvotes: 1
Related Questions
- Jquery Ajax security concerns
- Securing JSONP?
- jQuery JSONP Security
- How to secure JSONP requests with Web API?
- Securing JSON services
- Securing JSON and ASP.NET MVC2
- JSON Security
- Security Issues with JSONP in jQuery
- Security Request for JSon Result in Asp.Net MVc
- jquery, jsonp, error handling & security issues