Skip to content Skip to sidebar Skip to footer

Javascript Calling A Rest Api With App Name And App Password - How Can I Secure It

I am sure this Question has been asked a lot of time. But wanted re-confirm my doubt and get some tips. i was planning to play around with buddy.com back end as a service. and i sa

Solution 1:

JavaScript running by the client can always be modified with GreaseMonkey. ALL VARIABLES can be read with a JavaScript debugger like Firebug. ALL REQUESTS can be intercepted and modified with tamperdata.

The result is that you can never trust JavaScript because its client side code. In order to keep a secret from an attacker, you need to keep it from JavaScript. You can do this with an intermediary API, that knows the secrets and performs requests on the client's behalf. This API needs to enforce authentication, or who has access to a given resource.

Post a Comment for "Javascript Calling A Rest Api With App Name And App Password - How Can I Secure It"