By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,568 Members | 1,194 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,568 IT Pros & Developers. It's quick & easy.

Hide ajax calls from tools like firebug and other

P: 82
Hi,

is there anyway to hide my AJAXs calls to the server from tools like Firefox firebugs and others. Regular users can not see it by default, but users who use firebug and other related debugging tools can do. This expose the site to attacks.

Any Ideas?
Jul 17 '08 #1
Share this Question
Share on Google+
2 Replies


rnd me
Expert 100+
P: 427
no.

it doesn't really open you to any attacks though.

think of ajax as simply opening another page in the background.
if you are not distributing pages you don't want anyone to see, you have nothing to worry about.

-you could encrypt the info.
-you could use comet to stream the data on a persistent connection. (super complicated).
-follow good server security practices and not worry about it.


all in all i guess i am trying to say that http requests etiher from a page url or an ajax call are publicly available. dont use ajax as an excuse to start doing things you shouldn't; you will compromise security.
Jul 18 '08 #2

gits
Expert Mod 5K+
P: 5,343
that is quite true ... and i would like to add the next level to it too :: i would consider it a security issue when i couldn't trace what requests are started from my machine ... so i MUST have the ability to track such requests ... even when you manage it to hide it from firebug then i just need to use anything that observes my outgoinig/incomonig HTTP requests ... so what i really want to say is: you cannot and you shouldn't try to do that, and have rnd_me's advices in mind ...

kind regards
Jul 18 '08 #3

Post your reply

Sign in to post your reply or Sign up for a free account.