JavaScript/Ajax: How to prevent data theft

Source: Internet
Author: User
The front end is going to use Ajax to obtain data, but I am afraid that the data, which took hard work to enter, will be stolen by others who analyze the data returned by Ajax and grab it directly.

Can validation prevent this behavior? The site currently does not require registration to use, so how should it be prevented?

Thank you.

It probably is:

Back-to-front, back-end data with Ajax data

How to prevent others from forging Ajax to get data

Reply content:

Let's just say that your goal is to give some people some data, so it's against your original purpose to keep these people from grabbing your data.
It's like I'm giving you 10 bucks, and I don't want you to take these 10 bucks.

I've worked on this before and tried all kinds of measures; in the end, all they achieve is to increase the difficulty of crawling.
This is the same as client-side encryption: no matter how you encrypt or obfuscate, the premise is a trusted channel, and when the channel is not trusted, everything is useless.

Your site does not require login, so by default all content is free for everyone. Is browsing the data directly any different from calling the API to get the data?
Even if you don't provide Ajax, crawling straight from the web is the same thing.

"The current site is not required to register to use, so how should be prevented."
"Others forge Ajax to get Data"

First you need to know how to distinguish the so-called "others", but the question does not explain this.

Judging by the original poster's needs, this should be a content-based site, and the concern is that others will steal its content.
Everything has a cost. One security principle is to raise the cost of the other party's offense: if they have to pay much more than they gain, they will give up.

A more common approach is to create a watermark image of your content (data) on the backend, which is loaded by Ajax. At least others can't use it directly.

If you do not have identity verification, trying to prevent it is wasted labor. Because you want to stop "others", you first have to recognize "others".

Identity verification does not have to be an explicit login; it can be a Google-style tracker. Done properly, even if you switch browsers, change IP, and clear the browser cache and cookies, you are still recognized as the same user.

Do that, then limit the frequency of use and force suspects to enter a verification code, and you are basically at the level of big companies such as Twitter and Google.

The original poster said this data must eventually be displayed on some legitimate page, so no method can prevent it from being misappropriated. It is only a matter of the cost of misappropriation.

I think there is no good way. If you want to get it, you'll get it.

1. When the front end displays the page, the back end outputs a unique signature;
2. When the front end makes an Ajax request to the back end for data, it passes the signature as a validation parameter, and the back end re-validates the signature.
I do not know whether this idea can meet your needs (but with this idea the signature can still be obtained).

In simple words, you can add a SessionID to each Ajax request. The back end determines whether to return data based on the SessionID. But there is no way to completely prevent crawlers from capturing data.

OAuth2

Validate a token (an encrypted string) every time an Ajax request is initiated.

The server checks the Referer: if the Referer's domain name is its own domain name, it returns the data; otherwise it does not.

The Access-Control-Allow-Origin header is enough.

The web page is public and the data is public, so any verification is futile; it can be imitated by a robot.

Perhaps the only thing that can be done is to process the data: for example, a novel website that serves no text, only pictures generated from the text, is an example to refer to.

The server generates a token (such as MD5(Key+ip+date), where the key is known only to the administrator) and sends it to the user with the HTML. The Ajax request is then initiated by the user's browser with the token generated by the server, and the server sends the data back to the user only after determining that the domain name of the source site and the token are correct.
I came up with this method earlier to prevent vote-cheating tools.
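
An added example (not code from any poster in this thread) of the page-issued token and Referer check described in the replies above, written for Node.js. It uses HMAC-SHA256 in place of the plain MD5(Key+ip+date) concatenation; the key, origin, header name and request shape are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumptions: constructed demo key and origin; load the real key from a secret store.
const SERVER_KEY = 'constructed-demo-key-not-for-production';
const OWN_ORIGIN = 'https://example.test';
const DAY_MS = 24 * 60 * 60 * 1000;

// Token = HMAC-SHA256(key, ip | UTC date). Issued while rendering the HTML page.
function issueToken(ip, now = new Date()) {
  const day = now.toISOString().slice(0, 10); // e.g. "2024-05-01"
  return crypto.createHmac('sha256', SERVER_KEY).update(`${ip}|${day}`).digest('hex');
}

// Constant-time comparison, so the check does not leak how much of a guess matched.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Called by the Ajax endpoint. `req` is a hypothetical plain object:
// { ip, headers: { referer, 'x-page-token' } }.
function checkAjaxRequest(req, now = new Date()) {
  // Compare the parsed origin, not a string prefix, so that
  // "https://example.test.other.invalid" is not mistaken for our own site.
  let refOrigin = '';
  try {
    refOrigin = new URL(req.headers.referer || '').origin;
  } catch (_) {
    // Missing or malformed Referer: refOrigin stays empty and is rejected below.
  }
  if (refOrigin !== OWN_ORIGIN) return { ok: false, reason: 'bad-referer' };

  // Accept today's and yesterday's token so pages loaded just before
  // midnight UTC keep working.
  const token = req.headers['x-page-token'] || '';
  const yesterday = new Date(now.getTime() - DAY_MS);
  const valid = [now, yesterday].some((d) => safeEqual(token, issueToken(req.ip, d)));
  return valid ? { ok: true, reason: 'accepted' } : { ok: false, reason: 'bad-token' };
}
```

The token binds a request to an IP address and a day, so a token copied to another address or kept past the next day is rejected. Any client that loads the page from the same address still holds a valid token, which is the limit several replies point out, so this belongs alongside frequency limiting rather than in place of it.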

In a word, as long as you can see it, you can get it, so do not agonize over it.

This can be completely resolved. Here is an idea for everyone: put the document in the browser's memory, in the browser cache, and overwrite the cache. Let the pirate get a useless file; you can also indicate in the file which IP fetched it, to frighten them so that they lose confidence in stealing. I used to write a lot of programs in Hong Kong that would get stolen, so I studied this method. I hope you do not seize the results of other people's hard work.

I see there is a called _ Shadow Xx_, here curse, admire Oh, his mother's hard to gather big him, but even a few lines of words can not understand, everyone said he know what to do?

What permission Ah, license Ah, to visitors all kinds of difficulty is just repulsion, do the front end is want to let everyone see, like _ Shadow Xx_ this incompetent can see. That's funny, everybody say right?
Nobody can see the back end; this is the protection of intellectual property. The src call can be generated temporarily, can be generated more than once, and can also be temporarily removed; the cache is controlled by me, understand? If you don't understand, send me an email and I'll tell you in private.
