-1

I've been trying to see how to properly protect important content that's passed in ajax calls with java script. Considering JavaScript can be viewed at any point, it is inevitable that some of your ajax parameters will be exposed as well. I know for a fact that obfuscation serves no purpose and protecting web content should be done on the server side. My question today is: is there a known method for creating a layer of protection on the server side of things? Please bare with the lack of knowledge in this matter...

Dimitri
  • 101
  • 2

2 Answers2

0

As Rook's comment mentioned, using HTTPS will protect your authenticated users from men in the middle reading their sensitive data.

You will need a log in system to authenticate your users. Once a user is authenticated, you can send them sensitive data over HTTPS only.

You are absolutely right about obfuscating your javascript not being a security feature.

0

You have to treat everything received over the net as untrusted. If there's any part of "everything" and "untrusted" that is unclear to you, take a course in simple English.

There's no general methodology to converting untrusted content into trusted content.

ddyer
  • 1,984
  • 1
  • 12
  • 20