I am using jquery for all my ajax thing, I don't know if that is fine but I use that for now.
I have one text input when user type characters in it I call server side get some values and add them on the view.
Code that I use bellow works fine but I want to improve it a little.
How can I make this ajax call so that users that want to investigate my page source code can't see what I call here?
So basically I want to hide from page source what url, what type and data send I use here, is it possible?
我在ajax中使用jquery,我不知道这是否合适,但我现在用它。我有一个文本输入,当用户输入字符时,我调用服务器端获取一些值并将它们添加到视图中。我使用bellow的代码很好用,但是我想稍微改进一下。如何进行ajax调用,以便希望研究我的页面源代码的用户看不到我在这里调用什么?基本上我想要隐藏我在这里使用的url,类型和数据,这可能吗?
$(function () {
$("#txtSearch").keyup(function (evt) {
$.ajax({
url: "/Prethors/Users/SearchUsers",
type: "POST",
data: "text=" + this.value,
success: function (result) {
$("#searchResult").prepend("<p>" + result + "</p>");
}
});
});
});
4 个解决方案
#1
4
No, a user will always be able to figure out what calls you are making if you include it in javascript.
不,如果在javascript中包含调用,用户总是能够知道您正在调用什么。
You can compress and minify the javascript, but a determined person will always be able to find your url calls.
您可以压缩并缩小javascript,但是一个坚定的人总是能够找到您的url调用。
Here's a js compression site, for example. http://jscompress.com/
例如,这里有一个js压缩站点。http://jscompress.com/
#2
4
overall, you shouldn't worry about this. there is no way I'm aware of to hide your ajax calls, but you shouldn't need to.
总的来说,你不应该担心这个。我不知道如何隐藏您的ajax调用,但您不需要这样做。
-you could encrypt the info.
-你可以加密信息。
-you could use comet to stream the data on a persistent connection. (super complicated).
-您可以使用comet在持久连接上流数据。(超级复杂)。
-follow good server security practices and not worry about it.
-遵守良好的服务器安全操作,不要担心。
source: here
来源:这里
If you are really worried about this, you could set up kind of an anonymous URL, which will then redirect to where you really want to go based on some variable which is arbitrary.
如果你真的担心这个,你可以设置一个匿名URL,它会根据任意的变量重定向到你真正想去的地方。
for example, instead of going to "/Prethors/Users/SearchUsers"
例如,不要去“/Prethors/Users/SearchUsers”
go to "/AnonymousCall?code=5"
去“代码= 5 / AnonymousCall吗?”
from which you could execute the code you want for searchusers
从中您可以执行您想要为searchuser执行的代码
#3
3
You can't hide client-side code. You can disguise it with minification but sensitive data should always be stored and processed on the server-side.
您不能隐藏客户端代码。您可以通过缩小来掩盖它,但是敏感数据应该始终存储在服务器端并进行处理。
#4
0
Use console.clear(); after you ajax calls :P It just clears the reqs from the console but you still cannot hide client side calls.
使用console.clear();在ajax调用之后:P它只是从控制台清除req,但是仍然不能隐藏客户端调用。
#1
4
No, a user will always be able to figure out what calls you are making if you include it in javascript.
不,如果在javascript中包含调用,用户总是能够知道您正在调用什么。
You can compress and minify the javascript, but a determined person will always be able to find your url calls.
您可以压缩并缩小javascript,但是一个坚定的人总是能够找到您的url调用。
Here's a js compression site, for example. http://jscompress.com/
例如,这里有一个js压缩站点。http://jscompress.com/
#2
4
overall, you shouldn't worry about this. there is no way I'm aware of to hide your ajax calls, but you shouldn't need to.
总的来说,你不应该担心这个。我不知道如何隐藏您的ajax调用,但您不需要这样做。
-you could encrypt the info.
-你可以加密信息。
-you could use comet to stream the data on a persistent connection. (super complicated).
-您可以使用comet在持久连接上流数据。(超级复杂)。
-follow good server security practices and not worry about it.
-遵守良好的服务器安全操作,不要担心。
source: here
来源:这里
If you are really worried about this, you could set up kind of an anonymous URL, which will then redirect to where you really want to go based on some variable which is arbitrary.
如果你真的担心这个,你可以设置一个匿名URL,它会根据任意的变量重定向到你真正想去的地方。
for example, instead of going to "/Prethors/Users/SearchUsers"
例如,不要去“/Prethors/Users/SearchUsers”
go to "/AnonymousCall?code=5"
去“代码= 5 / AnonymousCall吗?”
from which you could execute the code you want for searchusers
从中您可以执行您想要为searchuser执行的代码
#3
3
You can't hide client-side code. You can disguise it with minification but sensitive data should always be stored and processed on the server-side.
您不能隐藏客户端代码。您可以通过缩小来掩盖它,但是敏感数据应该始终存储在服务器端并进行处理。
#4
0
Use console.clear(); after you ajax calls :P It just clears the reqs from the console but you still cannot hide client side calls.
使用console.clear();在ajax调用之后:P它只是从控制台清除req,但是仍然不能隐藏客户端调用。