Information Security
regular person, 2018-08-17 18:51:38

How to protect ajax data?

The client sends an ajax request to the server and receives json data in response.

When using HTTPS, will this data be protected (encrypted), and if so, how securely?

My task is not to make applications for banks or shops; I make, for example, business-card sites, landing pages, social networks like LJ, that is, applications that there is generally no point in hacking, and where a hack is not fatal...

I need a normal level of protection at minimal cost, and as soon as possible.

Please explain what the disadvantages of such a solution are and for which projects such protection is suitable.


2 answers
AUser0, 2018-08-17
@AUser0

When using HTTPS, will this data be protected (encrypted), and if so, how securely?

Just as reliably as clients of online banking sites and banking applications on smartphones are protected.
In a word, it is the best way to protect, especially when
The disadvantages are a little more computational load on the server/browser (encryption/decryption), but it is suitable for any, ABSOLUTELY ANY project priced above $0. Except for the NSA; there they will require one and a half to two layers of protection.

xmoonlight, 2018-08-17
@xmoonlight

And if so, how reliable is it?
Not how much.
There are 2 simple rules:
1. Always use your own encryption algorithm.
2. Never trust the data link.

1. When registering, pass a temporary token to the client inside the e-mail link.
2. When the link is clicked (mail confirmation), exchange this token for a private user "key" and save the "key" in LocalStorage and in the database on the server.
3. When sending/receiving important data, encrypt/decrypt everything with this "key" both on the client and on the server (periodically update the "key").
4. Always add two additional parameters: a "salt" in the form of a random set of characters (so that the encrypted message changes even for the same data) and a timestamp (to control the age of the request and prevent replays of past requests).
