I have a web site app developed in Laravel 4.2, and in it I have a web service call via AJAX. The problem is that the URL and credentials of the web service are shown to the user. Is there a method to give the user a credential that is available only 1 time?
It is bad form to use security credentials directly in an AJAX call. If you are using a web-security product, it supports user sessions. After a user has logged in to the secured site, he/she is provided a special cookie that identifies both the person and the client machine being used. Every web-security product provides back-end applications access to the user's credentials, via a key called session_id. This, in combination with a secured SSL connection, can be used to verify both who the user is and the machine they are connecting from. The AJAX call shouldn't require anything beyond verification of the session_id.
I am worried here that you may be using an 'off-site' AJAX call. More and more browsers are disallowing cross-site scripting by default, so this is a bad idea. If this is the case, a redesign of the web service should be performed, so that the required credentials are maintained securely on the server and not provided to the client.
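One way to implement the redesign the answer describes, as an added example that is not part of the original post: a Laravel 4.2 route that the browser calls with only its session cookie, while the server attaches the web-service credentials itself. The route path `ajax/report`, the config key `services.reports`, the `id` parameter and the use of HTTP Basic auth on the upstream service are assumptions.

```php
<?php
// app/routes.php (Laravel 4.2) -- added example, not code from the post.
// Hypothetical names: 'ajax/report', 'services.reports', the 'id' parameter.

Route::post('ajax/report', array('before' => 'auth|csrf', function () {
    // 'auth' (app/filters.php) rejects callers without a logged-in session;
    // 'csrf' requires the session token to be sent in the '_token' field.

    // Validate what the browser sends; it never supplies a URL or credentials.
    $id = Input::get('id');
    if (!is_scalar($id) || !ctype_digit((string) $id)) {
        return Response::json(array('error' => 'invalid id'), 400);
    }

    // The upstream URL and credentials stay in server-side config, e.g.
    // app/config/services.php: 'reports' => array('url', 'user', 'password').
    $cfg = Config::get('services.reports');

    $ch = curl_init($cfg['url'] . '?' . http_build_query(array('id' => $id)));
    curl_setopt_array($ch, array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,   // assumption: Basic auth
        CURLOPT_USERPWD        => $cfg['user'] . ':' . $cfg['password'],
        CURLOPT_SSL_VERIFYPEER => true,             // verify the upstream cert
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 5,
    ));
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    // Return a generic error so upstream details never reach the client.
    $data = ($body === false) ? null : json_decode($body, true);
    if ($status !== 200 || $data === null) {
        return Response::json(array('error' => 'upstream failure'), 502);
    }

    return Response::json($data);
}));
```

The page's JavaScript then posts `id` and `_token` to `/ajax/report` on the same origin, so the web-service URL and credentials no longer appear in anything sent to the browser.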