pistacchio

Reputation: 58963

Securing ajax calls

I need to make an ajax call from a site to a service exposed on another site and server and I need to make it secure, so that I'm sure that the call is a genuine call from the client site and form.

What are the best methods to obtain this?

Upvotes: 0

Views: 284

Answers (3)

Don Branson

Reputation: 13707

There are a couple of approaches.

What I would lean towards is to have your server proxy the request, so the client only talks to your site.

  1. The user (using your client) authenticates with your site.
  2. The client issues the request to your server.
  3. Your server forwards the request to the remote server.
  4. Your server forwards the response back to the client.

Upvotes: 0

Jason Coyne

Reputation: 6636

At the super-high end of the security spectrum, you could have the server for the client application create a signed message using a private key, and include that message in the HTML of the client. Then the ajax call would forward that message in its call, at which time the ajax server could verify it.

Optimally the message would change to include user id, timestamp etc, so that a known good message could not be saved off and reused by a malicious client.

Upvotes: 0
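
The signed-message scheme from the answer above, as an added example that is not part of any answer on this page: the client site's server signs a payload carrying user id and timestamp, and the ajax service verifies the signature, freshness, and single use. Node.js with Ed25519 is assumed; the function names, the 5-minute window, the 30-second clock-skew allowance, and the per-token nonce are hypothetical choices made for illustration.

```javascript
// Added example (not from the original answers): Ed25519-signed page token.
const crypto = require('node:crypto');

const MAX_AGE_MS = 5 * 60 * 1000; // assumed freshness window
const MAX_SKEW_MS = 30 * 1000;    // assumed tolerance for clock drift

// Client site's server: sign {uid, iat, nonce} and embed the token in the HTML.
function issueToken(privateKey, userId, now = Date.now()) {
  const payload = Buffer.from(JSON.stringify({
    uid: userId,
    iat: now,
    nonce: crypto.randomBytes(16).toString('hex'), // makes every token unique
  }));
  const sig = crypto.sign(null, payload, privateKey); // Ed25519 takes no digest name
  return payload.toString('base64url') + '.' + sig.toString('base64url');
}

// Ajax service: check the signature first, then freshness, then one-time use.
function verifyToken(publicKey, token, seenNonces, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const payload = Buffer.from(parts[0], 'base64url');
  const sig = Buffer.from(parts[1], 'base64url');
  if (sig.length !== 64) return { ok: false, reason: 'malformed' };
  if (!crypto.verify(null, payload, publicKey, sig)) {
    return { ok: false, reason: 'bad signature' };
  }
  // Only parsed after the signature check, so the bytes came from the issuer.
  const claims = JSON.parse(payload.toString('utf8'));
  if (now - claims.iat > MAX_AGE_MS || claims.iat - now > MAX_SKEW_MS) {
    return { ok: false, reason: 'expired' };
  }
  if (seenNonces.has(claims.nonce)) return { ok: false, reason: 'replayed' };
  seenNonces.add(claims.nonce);
  return { ok: true, uid: claims.uid };
}
```

The ajax service only needs the public key, so a compromise of that service does not let an attacker mint tokens. The in-memory nonce set stands in for a shared store whose entries expire after the freshness window.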

jconlin

Reputation: 3866

I would create a service on your server to do the call to the other site, and implement any type of sanitization there. Cross-site ajax calls aren't even allowed on many browsers.

Upvotes: 1
