
how to prevent querystring values from being visible

We have an application which is destined for HTTPS, so the data being transmitted is protected (or should I say as protected as need be). I would like to know about protecting/hiding (or similar) querystring values. It's a jQuery/JavaScript front end which communicates using a mixture of GET and POST with the database via classic ASP web services. The web services send JSON back to the client.

I realize the front-end code could be changed so everything is passed using POST; however, the application is finished, tested and ready to deploy. There are some key values that are being passed in the querystring which should not have been. Is it possible to make it so the querystring values cannot be inspected or sniffed? The URL and querystring together will provide a direct link to the raw JSON. We would like to prevent this. Perhaps there is some jQuery/AJAX feature which can be explored. Perhaps some server/IIS level tactic? I guess the sniffing occurs before the request gets to the server where the web service sits; therefore some server/IIS level tactic is not an option.

Any ideas/advice would be great, thank you.

You can use HTTP headers to send data to the server that is slightly less visible, but can still be detected using more advanced developer tools and loggers. For example, this answer describes using jQuery/JavaScript (as you've asked) to send data without using the querystring.

You can't really prevent the client from being able to trace these details though.

The solution I personally suggest to you is to look into session state. By scoping a valid data response to a certain session state, and returning null when the state is invalid or expired, you can limit access to the data. This could be after just one time it's been retrieved. This strategy would involve the generation of a token or code that is passed out from your server at an earlier stage, and used when asking for the data in question.

Another alternative is to either use SSL or encrypt your data and drop it into a posted control such as a text input box. Microsoft adopted a similar process for their VIEWSTATE within ASP.NET.
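
The session-scoped, single-use token strategy suggested in the answer above, sketched as an added example (not part of the original answer or the asker's application). It is written in Node.js-style JavaScript rather than classic ASP; `issueToken`, `redeemToken`, the in-memory `issued` map and the 60-second lifetime are assumptions for illustration.

```javascript
// Added example: session-scoped, single-use tokens in front of a JSON endpoint.
// All names are hypothetical; the store is in-memory for illustration only.
const crypto = require('crypto');

const TOKEN_TTL_MS = 60 * 1000;   // assumed lifetime of an unused token
const issued = new Map();         // sha256(token) -> { sessionId, recordId, expires }

// Store only a hash so a dump of the map does not yield usable tokens.
function hashToken(token) {
  return crypto.createHash('sha256').update(token).digest('hex');
}

// Earlier stage: the server hands the session an opaque token.
// The sensitive key (recordId) stays server-side and never reaches the URL.
function issueToken(sessionId, recordId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  issued.set(hashToken(token), { sessionId, recordId, expires: now + TOKEN_TTL_MS });
  return token;
}

// Data endpoint: returns the payload once, and null for every other case.
function redeemToken(sessionId, token, loadRecord, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const key = hashToken(token);
  const entry = issued.get(key);
  if (!entry) return null;                        // unknown or already used
  issued.delete(key);                             // burn on first presentation
  if (now > entry.expires) return null;           // expired
  if (entry.sessionId !== sessionId) return null; // replayed from another session
  return loadRecord(entry.recordId);
}

// Constructed sample data standing in for the database behind the web service.
const RECORDS = { 42: { customer: 'constructed sample', balance: 100 } };
const loadRecord = (id) => RECORDS[id] ?? null;
```

With this in place, a URL or request copied from browser history or a proxy log returns null once the token has been used, has expired, or is presented from a different session.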
