开发者

Anyway to make API calls to HTTP basic auth more secure?

I'm working on a few smaller projects, and probably a lot more later on, that will be using HTTP basic auth to fetch and post data. Some example APIs are MongoHQ and Wufoo.

The projects are heavily AJAX based and for different people. For prototype purposes I have a PHP script on my server that just says the following to turn the JSON responses into JSONP:

<?php
  echo $_GET['callback'].'('+file_get_contents($_GET['url'])+')';
?>

The problem with that is m开发者_运维问答y JSONP call contains the user:pass meaning, anyone can just view source, copy the user and pass, and then make a POST request.

Is there ways to make this secure without having to do all API calls directly through PHP and would allow me to use the same script from multiple projects? In the perfect world I could write a single script that would let me do HTTP basic auth stuff and never have to touch that file again no matter what API and the user and pass is somehow hidden some way (like my example above).


You can use SSL (https) connection.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜