Hello,
This is how I secure an AJAX request. I am interested in your opinions.
Instead of session or cookies, we write into the server's memory.
---------------------------------------------------------------------------------------------------
On program start we write a UUID key into the memory of the server.
function Main()
   cUUID := GenerateUUID()
   hb_setenv( "pwd", cUUID ) // memory write
---------------------------------------------------------------------------------------------------
On AJAX request we send a string - encrypted with cUUID - containing Seconds().
code = {{hb_jsonencode( encrypedtime() )}};
ogrid = $('#example').DataTable({
   "ajax": {
      "url": "landingpage.prg",
      "type": "POST",
      data: {username: matchcode, password: code, action: cAction,
---------------------------------------------------------------------------------------------------
function encrypedtime()
   local cVar := Crypt( AllTrim( Str( Seconds() ) ), cUUID )
   cVar := hb_base64Encode( cVar )
   logging( "HB_BASE64ENCODE" + cVar )
return ( cVar )
---------------------------------------------------------------------------------------------------
Inside the AJAX call we decrypt and check the time against the time passed. If there is more than 2 sec difference, we answer with an error msg.
function main()
   ..
   local hPairs := AP_PostPairs()
   local cUUID := hb_GetEnv( "pwd" )
   code := hb_UrlDecode( hPairs[ 'password' ] )
   code := hb_base64Decode( code )
   logging( "HB_BASE64DECODE" + code )
   code := Crypt( code, cUUID )
   nSecsLapsed := Seconds() - Val( code )
   logging( "Seconds" + Str( nSecsLapsed ) )
Though it's not 100%, it will stop most.
What do you mean?
Best regards,
Otto
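---------------------------------------------------------------------------------------------------
Added example, not part of the original post and not the poster's code: the same time-limited token idea written for Node.js, with an HMAC-SHA256 tag standing in for Crypt() and Unix epoch seconds standing in for Seconds(). The names issueToken, verifyToken, SERVER_KEY and MAX_AGE_SECONDS are assumptions of this example.

```javascript
const crypto = require('crypto');

// Assumption: one random secret created at program start and held only in
// server memory, playing the role of cUUID in the post.
const SERVER_KEY = crypto.randomBytes(32);
const MAX_AGE_SECONDS = 2; // same freshness window as in the post

// HMAC-SHA256 tag over the timestamp string.
function tagFor(ts, key) {
  return crypto.createHmac('sha256', key).update(ts).digest();
}

// Token format: "<epoch seconds>.<hex tag>". The timestamp travels in clear;
// the tag proves the server issued it.
function issueToken(nowSeconds, key = SERVER_KEY) {
  const ts = String(Math.floor(nowSeconds));
  return ts + '.' + tagFor(ts, key).toString('hex');
}

// Returns { ok: true, age } or { ok: false, reason }.
function verifyToken(token, nowSeconds, key = SERVER_KEY) {
  if (typeof token !== 'string') return { ok: false, reason: 'malformed' };
  const parts = token.split('.');
  if (parts.length !== 2 || !/^\d{1,12}$/.test(parts[0]) ||
      !/^[0-9a-f]{64}$/.test(parts[1])) {
    return { ok: false, reason: 'malformed' };
  }
  const expected = tagFor(parts[0], key);
  const given = Buffer.from(parts[1], 'hex');
  // Constant-time comparison; both buffers are 32 bytes at this point.
  if (!crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad_mac' };
  }
  const age = Math.floor(nowSeconds) - Number(parts[0]);
  if (age < 0) return { ok: false, reason: 'from_future' };
  if (age > MAX_AGE_SECONDS) return { ok: false, reason: 'expired' };
  return { ok: true, age: age };
}

// Stand-alone demo with the current clock.
const demoNow = Date.now() / 1000;
console.log(verifyToken(issueToken(demoNow), demoNow + 1));
```

A token verified this way is still accepted for every request made inside the window; limiting it to a single use needs a server-side record of tokens already seen, which is outside this example.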