Ronye Vernaes

Reputation: 2453

jQuery and Restful WebServices Security

I have a project with the following aspects:

  1. Frontend web application made in PHP and jQuery (Ajax), with a local database for aspects like end-user authentication and configuration of the frontend web application.

  2. Backend REST Web Services (running on a different domain and machine than the frontend application), invoked by the frontend using jQuery and the JSONP technique.

I need to make that communication in a secure way and I don't know how. I hope someone can help me. I'll be very very grateful.

Upvotes: 3

Views: 1823

Answers (2)

Asbjørn Ulsberg

Reputation: 8820

The easiest thing to do is to serve the Web Services through HTTPS and use HTTP Basic as the authentication method. This is simple to set up on both the client and server and supported by most front- and back-end frameworks.

If your web browser can speak HTTPS, Ajax (i.e. XMLHttpRequest) can speak HTTPS too. You can easily set the Authorization header in the Ajax requests, and the value can be built by just base-64 encoding a username and password retrieved from the user of the web application.

Upvotes: 2
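An added example (not part of the answer above) of building the `Authorization` header it describes and refusing to send it over anything but HTTPS. The function names and the endpoint URL are hypothetical, and it assumes the backend answers CORS requests that include an `Authorization` header, because a JSONP `<script>` request cannot carry request headers.

```javascript
// Added example; function names and the endpoint URL are hypothetical.

// RFC 7617: credentials are base64(user-id ":" password).
// The user-id must not contain ":", and neither part may hold control characters.
function basicAuthHeader(username, password) {
  if (username.includes(':')) {
    throw new Error('username must not contain ":"');
  }
  if (/[\u0000-\u001f\u007f]/.test(username + password)) {
    throw new Error('control characters are not allowed in credentials');
  }
  // btoa() only accepts Latin-1 input, so encode to UTF-8 bytes first.
  const bytes = new TextEncoder().encode(`${username}:${password}`);
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return 'Basic ' + btoa(binary);
}

// Returns a settings object in the shape jQuery's $.ajax() accepts.
function authorizedRequest(url, username, password) {
  // Base64 is an encoding, not encryption: refuse anything but HTTPS.
  if (new URL(url).protocol !== 'https:') {
    throw new Error('refusing to send Basic credentials to ' + url);
  }
  return {
    url,
    method: 'GET',
    dataType: 'json', // not "jsonp": a <script> tag cannot carry request headers
    headers: { Authorization: basicAuthHeader(username, password) },
  };
}

// Constructed sample call; in the browser this would be $.ajax(settings).
const settings = authorizedRequest('https://api.example.com/orders', 'Aladdin', 'open sesame');
console.log(settings.headers.Authorization);
```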

Terry

Reputation: 14219

There is no simple answer for this; however, there are a few methods that you can choose to employ based on your specific needs.

  • To secure web services you can authenticate requests using OAuth.
  • Never trust input to the server, sanitize everything. Details here.
  • Microsoft offers a generalized (e.g. not Microsoft product-based) guide for building secure applications here.

Good luck!

Upvotes: 1
