Hide ajax calls from tools like firebug and other

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • raknin
    New Member
    • Oct 2007
    • 82
    #1

    Hide ajax calls from tools like firebug and other

    Hi,

    is there anyway to hide my AJAXs calls to the server from tools like Firefox firebugs and others. Regular users can not see it by default, but users who use firebug and other related debugging tools can do. This expose the site to attacks.

    Any Ideas?
    Tags: None
    • rnd me
      Recognized Expert Contributor
      • Jun 2007
      • 427
      #2
      no.

      it doesn't really open you to any attacks though.

      think of ajax as simply opening another page in the background.
      if you are not distributing pages you don't want anyone to see, you have nothing to worry about.

      -you could encrypt the info.
      -you could use comet to stream the data on a persistent connection. (super complicated).
      -follow good server security practices and not worry about it.


      all in all i guess i am trying to say that http requests etiher from a page url or an ajax call are publicly available. dont use ajax as an excuse to start doing things you shouldn't; you will compromise security.

        Comment

        • gits
          Recognized Expert Moderator Expert
          • May 2007
          • 5390
          #3
          that is quite true ... and i would like to add the next level to it too :: i would consider it a security issue when i couldn't trace what requests are started from my machine ... so i MUST have the ability to track such requests ... even when you manage it to hide it from firebug then i just need to use anything that observes my outgoinig/incomonig HTTP requests ... so what i really want to say is: you cannot and you shouldn't try to do that, and have rnd_me's advices in mind ...

          kind regards

            Comment

            Previous template Next
            Working...