Within the same domain, there are two systems. One system sends an ajax request to the other to change one field in the second system's database (suppose only user_id is sent to the second system). How can we ensure the security of the ajax request? What I am afraid of is that, as we all know, an ajax request sent with just user_id is not safe. Which of the following methods can be used to ensure security as much as possible?
This problem can also extend to the security between interfaces.
Reply content:
This problem has little to do with ajax. If this is an interaction between two backends, I don't quite understand what role ajax plays in it; and even if it includes a front-end request, it is still a problem of resource authorization.
There are several authorization methods for resources. The OAuth 2.0 framework is common and can meet the needs of many scenarios, including server-to-server and server-to-client; however, it can also be implemented simply. For example, you can add a set of (login) authentication functions or perform the corresponding permission checks on the backend. You need to know that an ajax request is just an ordinary HTTP request, and the cookie (session) is included with it as well, so there is no difference between the authentication of ordinary front-end interaction and ajax authentication.
Authentication can only be performed on the backend. The frontend can work with the backend, but cannot implement it independently, because the frontend is insecure.
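The backend check described in the reply, as an added example that is not part of the original answer: the second system takes the caller's identity from the session cookie and treats the user_id in the ajax request only as a claim to be checked against it. The HMAC-signed cookie is a simplified stand-in for a real session store, and the names `SESSION_KEY`, `PROFILES`, `issue_session_cookie` and `handle_update` are hypothetical.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed demo key; a real deployment keeps this secret on the server.
SESSION_KEY = b"demo-only-session-key"

# Constructed stand-in for the second system's database table.
PROFILES = {"1001": {"nickname": "alice"}, "1002": {"nickname": "bob"}}


def _tag(user_id: str) -> str:
    return hmac.new(SESSION_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def issue_session_cookie(user_id: str) -> str:
    """Called after login: bind the cookie value to the user with an HMAC tag."""
    return f"{user_id}.{_tag(user_id)}"


def authenticated_user(cookie: Optional[str]) -> Optional[str]:
    """Return the user_id the cookie proves, or None if missing or forged."""
    if not cookie or "." not in cookie:
        return None
    user_id, tag = cookie.rsplit(".", 1)
    # Constant-time comparison of the presented tag with the expected one.
    ok = hmac.compare_digest(tag.encode(), _tag(user_id).encode())
    return user_id if ok else None


def handle_update(cookie: Optional[str], params: dict) -> Tuple[int, str]:
    """Backend handler for the ajax call that changes one field."""
    caller = authenticated_user(cookie)
    if caller is None:
        return 401, "not logged in"
    # Authorization: the user_id sent by the client is only a claim; it must
    # match the identity established by the session.
    target = params.get("user_id")
    if target != caller:
        return 403, "not allowed to modify this user"
    if target not in PROFILES:
        return 404, "no such user"
    PROFILES[target]["nickname"] = str(params.get("nickname", ""))[:32]
    return 200, "updated"
```

A request that carries another user's user_id, or no valid cookie, is rejected before the database is touched, whatever the frontend sent.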