dcsimg


DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 7 of 7

Thread: AJAX Security

  1. #1
    Join Date
    Jan 2009
    Posts
    6

    Smile AJAX Security

    Hi ,

    Im building various ajax systems at the moment and am using firebug to examine the ajax requests that are being sent from my scripts. I was wondering if anybody knows if SSL prevents firebug from seeing the requests and therefor making it ever so slightly more secure?

    Thanks for your time .

    Juma929

  2. #2
    Join Date
    Oct 2005
    Location
    Maady
    Posts
    1,819
    No SSL just encrypt the data BEFORE leaving the browser and BEFORE leaving the server, then decrypt it BEFORE coming to the browser and before reaching the server ...

    And since the request could be analyzed by some work on the page source, then any support tool can do too ...
    Programmer&Cracker CS
    MyBlog:Blog.Amahdy.com
    MyWebsite:www.Amahdy.com

  3. #3
    Join Date
    Jan 2009
    Posts
    6

    Question

    Thank Amahdy .

    I was wondering how websites go around hiding their ajax requests from tools such as firebug. I never thought it possible until I was browsing http://www.autotrader.co.uk/ one day and realised that their search feature on the left was returning data without refreshing the page.

    It isn't a flash element and as far as I can see is just a collection of divs updating by what appears to be an Ajax method.

    Any help is appreciated and thanks again for your time

  4. #4
    Join Date
    Oct 2005
    Location
    Maady
    Posts
    1,819
    I checked the website, it call a function called "submitSearch()" which is inside the file "searchResults_v3.js" ... the tricky thing here for firebug is that the file is not loaded in the page but included in it ... u just have to know how to track in such case
    Programmer&Cracker CS
    MyBlog:Blog.Amahdy.com
    MyWebsite:www.Amahdy.com

  5. #5
    Join Date
    Jan 2009
    Posts
    6

    Unhappy

    Hey ,

    I was wondering how you meant "include" the js file. DO you mean using the src= element instead of placing the javascript all in the same page?

    Thanks ,
    Juma929

  6. #6
    Join Date
    Oct 2005
    Location
    Maady
    Posts
    1,819
    yes
    Programmer&Cracker CS
    MyBlog:Blog.Amahdy.com
    MyWebsite:www.Amahdy.com

  7. #7
    Join Date
    Jan 2009
    Posts
    6
    Hey,

    Thanks again for your help, the only thing im confused over is that my current system includes a javascript file such as:

    <SCRIPT LANGUAGE=\"JavaScript\" SRC=\"script.js\"></SCRIPT>

    BUT, I can still see the AJAX requests in firebug?


Similar Threads

  1. AJAX Security
    By OGLES in forum AJAX
    Replies: 10
    Last Post: 09-08-2008, 06:25 AM
  2. The AJAX "Top 5" security tips
    By moetarhini in forum AJAX
    Replies: 0
    Last Post: 06-14-2006, 06:28 AM
  3. New forum + some AJAX links
    By Lori in forum AJAX
    Replies: 0
    Last Post: 02-09-2006, 02:26 PM
  4. establishing security
    By Chris Boyle in forum Security
    Replies: 1
    Last Post: 06-20-2001, 11:59 AM
  5. Replies: 1
    Last Post: 09-13-2000, 10:15 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center