JavaScript: security issues of ajax between two systems in the same domain

Source: Internet
Author: User
In the same domain, there are two systems. One system sends an ajax request to the other to change one field in the second system's database (if only user_id is sent to the second system). How can we ensure the security of the ajax request? What I am afraid of is that, as we all know, an ajax request that sends user_id is not safe. Which of the following methods can be used to ensure security as much as possible?

This problem can also extend to the security between interfaces.

Reply content:

This problem does not have much to do with ajax. If it is an interaction between two backends, I don't quite understand what role ajax plays in it; and even if a front-end request is involved, it is always a problem of resource authorization.

There are several authorization methods for resources. The OAuth 2.0 framework is common and meets the needs of many scenarios, including server-to-server and server-to-client. However, it can also be implemented simply: for example, you can add a (login) authentication function, or perform the corresponding permission checks on the backend. You need to know that an ajax request is also an ordinary HTTP request, and the cookie (session) is included with it, so there is no difference between the authentication of ordinary front-end interaction and ajax authentication.

Authentication can only be performed on the backend. The frontend can work with the backend, but cannot implement it independently, because the frontend is insecure.
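
The reply's point that the backend, not the ajax caller, decides who is acting, shown as an added example that is not part of the original post. It contrasts a handler that trusts the submitted user_id with one that takes the identity from the server-side session behind the cookie; the session store, the `sid` cookie name, the `nickname` field and all function names are hypothetical.

```javascript
// Added example: constructed in-memory data stands in for the second system's
// session store and database (all names and values here are hypothetical).
const sessions = new Map([
  ['sid-constructed-alice', { userId: 1, canEditProfile: true }],
  ['sid-constructed-bob', { userId: 2, canEditProfile: false }],
]);
const db = new Map([[1, { nickname: 'alice' }], [2, { nickname: 'bob' }]]);

// Parse a Cookie header into { name: value } pairs.
function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Weak form: trusts the user_id in the request body, so whoever sends the
// request chooses which user's row is changed.
function updateNicknameTrustingClient(req) {
  const row = db.get(req.body.user_id);
  if (!row) return { status: 404 };
  row.nickname = req.body.nickname;
  return { status: 200 };
}

// Hardened form: identity comes from the server-side session that the cookie
// refers to; a client-supplied user_id is only cross-checked, never trusted.
function updateNickname(req) {
  const sid = parseCookies(req.headers.cookie).sid;
  const session = sid ? sessions.get(sid) : undefined;
  if (!session) return { status: 401 }; // no valid login session
  if (req.body.user_id !== undefined && req.body.user_id !== session.userId) {
    return { status: 403 }; // request names a different user than the session
  }
  if (!session.canEditProfile) return { status: 403 }; // backend permission check
  if (typeof req.body.nickname !== 'string' || req.body.nickname.length > 32) {
    return { status: 400 }; // validate the field being written
  }
  db.get(session.userId).nickname = req.body.nickname;
  return { status: 200 };
}
```
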
