Secure an AJAX request

Otto
Posts: 50
Registered for: 3 years 6 months
Austria

Post by Otto »

Hello,
This is how I secure an AJAX request. I am interested in your opinions.
Instead of sessions or cookies, we write into the server's memory.
---------------------------------------------------------------------------------------------------
On program start we write a UUID key into the memory of the server.

function Main()
   local cUUID := GenerateUUID()
   hb_SetEnv( "pwd", cUUID )   // memory write: the key stays in the server process
return nil
---------------------------------------------------------------------------------------------------
On each AJAX request we send a string, encrypted with cUUID, containing Seconds().

code = {{ hb_jsonencode( encrypedtime() ) }};

ogrid = $('#example').DataTable({
    "ajax": {
        "url": "landingpage.prg",
        "type": "POST",
        "data": { username: matchcode, password: code, action: cAction }
    }
});

---------------------------------------------------------------------------------------------------

function encrypedtime()
   local cUUID := hb_GetEnv( "pwd" )   // the key Main() wrote; Main()'s local is not visible here
   local cVar  := Crypt( AllTrim( Str( Seconds() ) ), cUUID )

   cVar := hb_Base64Encode( cVar )
   logging( "HB_BASE64ENCODE " + cVar )
return cVar

---------------------------------------------------------------------------------------------------
Inside the AJAX call we decrypt and check the time against the time that has passed. If there is more than a 2-second difference, we answer with an error message.

function main()
   ..
   local hPairs := AP_PostPairs()
   local cUUID  := hb_GetEnv( "pwd" )
   local code, nSecsLapsed

   code := hb_UrlDecode( hPairs[ "password" ] )

   code := hb_Base64Decode( code )
   logging( "HB_BASE64DECODE " + code )
   code := Crypt( code, cUUID )   // same symmetric call as on the sending side

   nSecsLapsed := Seconds() - Val( code )
   logging( "Seconds " + Str( nSecsLapsed ) )


Though it's not 100%, it will stop most.

What do you mean?

Best regards,
Otto
