CODEWITHSUNDEEP
phpjavascriptsecurityjquery
AquinasTub
AquinasTub

Reputation: 8585

Safe JavasScript that calls PHP script that calls external web service

I have a PHP page that needs to make a call to a external web service. This Web service call takes a bunch of sensitive data from a html form on the PHP page, e.g. SSN, and returns info related to that person.

The problem is that the web service call should be made as soon as the customer fills in the SSN field and the field loses focus, so the page cannot be reloaded in any way. I was thinking about using jQuery to make a call to the web service, but AJAX unfortunately requires that you are on the same domain as the requested resource. So I'm thinking about creating an local PHP page that makes the call to the web service and then use JQuery to call this new page.

Questions:

  1. How do I use JQuery to call the local PHP script that makes the call to the web service?

  2. Because the JQuery code will take sensitive data from a html form and send it to the PHP script, how can I encrypt the data?

Upvotes: 1

Views: 1158

Answers (5)

L. Cosio
L. Cosio

Reputation: 227

The way to go is enabling SSL on your domain, and doing the xmlHTTPRequest to the https of the remote service

Upvotes: 0

Powerlord
Powerlord

Reputation: 88796

This probably won't help you in particular, but some webservices support something called JSONP, which adds a callback name to a normal JSON request.

However, chances are you will need to make some sort of local proxy, as not many JSONP services exist yet.

Upvotes: 0

Seb
Seb

Reputation: 25147

To call your PHP file:

var url = "http://localhost/data.php";
var params = {
  "SSN" : theSSN
};
$.get(url, params, function (){
  // Do whatever you need here, once the data arrives.
});

To call the external webservice from PHP, I'd suggest using cURL.

To encrypt, I'd suggest using the HTTPS protocol instead of encrypting manually from JavaScript.

Upvotes: 1

Bogdan Constantinescu
Bogdan Constantinescu

Reputation: 5356

1: Ajax request example: 

$.ajax(
{
       type: "GET",
       url: "http://yourdomain.com/yourpage.php",
       success: function (msg) { //does something }
});

More details here

2: php XOR is a pretty good encryption algorithm, I use it myself for a project with sensitive data. you can find the function here.

Enjoy! :)

Upvotes: 0

karim79
karim79

Reputation: 342635

1) $.get("myscript.php", function(response) { alert(response) });

2) I wouldn't encrypt using jQuery, it would be slow and easy to decrypt. Enabling SSL on the server would be a better solution.

Upvotes: 1

Related Questions