Securing a cross-domain call
Question
We are using a program that runs on the client machine to control its devices (scanner, printer, etc).
On the server side, a .net website generates javascript to call methods of that program using cross-domain.
A schema will explain it better, the command request and response is in red:
Problem comes when we talk about security, any website (which does not belong to us) could use cross-domain to call our program and possibily execute anything.
I have no idea how to make it secure, we would like to make sure the command has been initiated by our servers.
Is there any already existing pattern for this kind of security behaviour ?
If not, any suggestion is welcome.
1 answers
solution1
0 ACCPTED 2013-02-19 11:56:50
When the client browser connects it can get a token(SSL?) from the company lan, which could be passed to the executable. executable then sends token to company lan for verification.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.