Sending confidential information using JavaScript when calling a web service

I have an ERP system for which I have built some web services. For security reasons, the consumer of the web service must send a master login username and password (set in my ERP application) in addition to other parameters. For example, to call a web service to retrieve the annual salary for an employee, the consumer calls the web service using the following URL:

/jw/web/json/hr/getsalary/byid?master_username=superadmin&password_hash=9449B5ABCFA9AFDA36B801351ED3DF66&employeeid=A200121

Now I have downloaded a free and simple document management system, and to be able to call the above web service from the free software I can only do so using JavaScript, since I am not the owner of the software. But since I am sending the master_username and password_hash as part of the call, it is not secure to do this using JavaScript.

So my question is: what other methods (other than a master login username and password) can I use to make the web service call secure using JavaScript? So the web service should be done using JavaScript and should be secure. Thanks in advance for any help. BR

Updated: The JavaScript looks something like this:

<script type="text/javascript">
$(function() {
  $.getJSON("https://MyERPsystem.com/jw/web/json/hr/getsalary/byid?master_username=superadmin&password_hash=9449B5ABCFA9AFDA36B801351ED3DF66&employeeid=A200121",
    {
      // code goes here
    },
    function(data) {
      $.each(data.items, function(i, item) {
        // code goes here
      });
    });
});
</script>

You can use an SSL connection, which is encrypted by default.

PS: I'm not sure I understand why you can't authenticate users normally and then accept queries only for users in the authenticated SESSION.
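The session-based approach suggested in the answer, as an added example that is not part of the original post or of the ERP's code: the browser sends only a session cookie, and the server decides per user whether the salary query is allowed. All function names, the cookie name `sid`, the employee id format and the "own record only" policy are assumptions made for illustration.

```javascript
// Added example; every name below is hypothetical, not part of the ERP.
const { randomBytes } = require("crypto");

const sessions = new Map(); // session id -> { user, employeeId, expires }

// Called once the ERP's normal login has verified the user.
function login(user, employeeId, ttlMs = 15 * 60 * 1000, now = Date.now()) {
  const id = randomBytes(32).toString("hex"); // unguessable 256-bit id
  sessions.set(id, { user, employeeId, expires: now + ttlMs });
  // HttpOnly hides the id from page scripts; Secure limits it to HTTPS.
  return { id, setCookie: `sid=${id}; HttpOnly; Secure; Path=/` };
}

// Resolve the Cookie request header to a live session, or null.
function sessionFromCookie(cookieHeader, now = Date.now()) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || "");
  const s = m ? sessions.get(m[1]) : undefined;
  if (!s) return null;
  if (s.expires <= now) {
    sessions.delete(m[1]); // expired: forget it
    return null;
  }
  return s;
}

// Decide a request for .../getsalary/byid?employeeid=...
// The URL carries no master_username or password_hash.
function authorizeSalaryRequest(cookieHeader, employeeId, now = Date.now()) {
  const s = sessionFromCookie(cookieHeader, now);
  if (!s) return { status: 401, reason: "no valid session" };
  // Assumed id format, inferred from the single sample A200121.
  if (!/^[A-Z]\d{6}$/.test(employeeId || "")) {
    return { status: 400, reason: "malformed employeeid" };
  }
  // Assumed policy: a user may read only their own salary record.
  if (s.employeeId !== employeeId) {
    return { status: 403, reason: "not this user's record" };
  }
  return { status: 200, user: s.user, employeeId };
}
```

When the calling page sits on a different site from the ERP, the browser attaches the cookie only if it is set with `SameSite=None` and the request is made with credentials under a CORS policy that allows that origin.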
