jQuery and Restful WebServices Security
I have a project with the following aspects:
Frontend web application made in PHP, jQuery (Ajax) with a local database for aspects like end开发者_如何学编程 users authetication and configuration of the frontend web application.
Backend REST Web Services (running in other domain and machine than frontend application), invoked by the frontend using jQuery and JSONP technique.
I need make that communication in a secure way and I don't know how. I hope someone can help me. I'll be very very grateful.
The easiest thing to do is to serve the Web Services through HTTPS and use HTTP Basic as the authentication method. This is simple to set up on both the client and server and supported by most front- and back-end frameworks.
If your web browser can speak HTTPS, Ajax (i.e. XMLHttpRequest
) can speak HTTPS too. You can easily set the Authorization
header in the Ajax requests, and the value can be built by just base-64 encoding a username and password retrieved from the user of the web application.
There is no simple answer for this, however there a few methods that you can choose to employ based on your specific needs.
- To secure web services you can authenticate requests using OAuth.
- Never trust input to the server, sanitize everything. Details here.
- Microsoft offers a generalized (eg. not Microsoft product-based) guide for building secure applications here.
Good luck!
精彩评论