Reputation: 808
Security issues in ajax call
When calling the AJAX call, the call request and response can see on console by using the firebug. This is major security issue. How can we hide the response(data) from the console?
Is there any option?
Upvotes: 3
Views: 374
Answers (3)
Reputation: 16905
If you're not concerned by the end user seing the data but someone "in the middle" then maybe you should use https
Upvotes: 0
Reputation: 81660
The fact that the data is arrived in the client means client has the authority to read and do whatever it wants with it. Now if that data is a security risk, then it should never be sent to the client in the first place.
If you are worried that someone other than the client might see it then use HTTPS.
If you are worried that people can see it in the firebug, well then that data is not supposed to be seen by client. Hiding firebug is only making it harder, not impossible. You may always use Fiddler to see HTTP content or even wireshark to see the packets.
Upvotes: 5
Reputation: 2576
You can never really hide something you send to the client, if you want to handle sensitive operations you should do so on a server you control.
Not knowing what it is you want to do, this is about what i can tell you...
Upvotes: 1