Monday, 10 April 2017

Correct way to connect front end to back end securely?

Right now both my servers are working well and in sync, using Ajax to send GET and POST requests (JSON) to my backend. The problem is I doubt this is a secure way to achieve my goal. I have a few questions.

  1. My understanding of it is that the client is directly accessing the back end through the webpage/ajax, not the client server. Is this a correct way of thinking of it? Would the solution be to grab the data from the user then send it through the node server that's running the front end then post that to the back end?

  2. This is a public JavaScript file and attackers would be able to see the backend address (http://backend.com/data). Is this a problem?

  3. Is there a checklist that covers basic webpage security? I can't seem to find one.

This is my JavaScript code in the HTML of my webpage:

    $.ajax({
      type: 'GET',
      url: 'http://backend.com/data',
      success: function(data) {
        extresults = data;
        console.log(extresults);
      }
    });

    $.ajax({
      type: 'POST',
      url: 'http://backend.com/data',
      data: {"la" : "lala"},
      success: function(data) {
        alert("post is good");
      }
    });



via T-BONE
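
The relay that question 1 describes, sketched as an added example that is not part of the original post: the page calls a same-origin path on the Node front-end server, which validates the request and forwards it to the backend address held in server-side configuration. The `/api/data` route, the field allowlist, the size cap, a backend that accepts a JSON body, and Node 18+ (global `fetch`) are assumptions.

```javascript
// Added example: relay for the Node front-end server. Assumes Node 18+ (global fetch).
const BACKEND_URL = process.env.BACKEND_URL || 'http://backend.com/data'; // address from the post
const ROUTE = '/api/data';     // assumed same-origin path the page would call
const MAX_BODY = 1024;         // assumed cap on browser-supplied bytes
const ALLOWED_FIELDS = ['la']; // assumed allowlist: the field the post's POST sends

// Decide what is forwarded. Returns {status} to reject, or {url, init}
// for the one fixed upstream request; the browser never chooses the target.
function planUpstream(method, url, rawBody) {
  if (url !== ROUTE) return { status: 404 };
  if (method === 'GET') return { url: BACKEND_URL, init: { method: 'GET' } };
  if (method !== 'POST') return { status: 405 };
  if (Buffer.byteLength(rawBody) > MAX_BODY) return { status: 413 };
  let parsed;
  try { parsed = JSON.parse(rawBody); } catch (e) { return { status: 400 }; }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) return { status: 400 };
  const clean = {};
  for (const key of Object.keys(parsed)) {
    // Reject unknown fields and non-string values instead of passing them on.
    if (!ALLOWED_FIELDS.includes(key) || typeof parsed[key] !== 'string') return { status: 400 };
    clean[key] = parsed[key];
  }
  const headers = { 'Content-Type': 'application/json' };
  return { url: BACKEND_URL, init: { method: 'POST', headers, body: JSON.stringify(clean) } };
}

// Request listener for http.createServer(relay) on the front-end server.
function relay(req, res) {
  let raw = '';
  req.setEncoding('utf8');
  req.on('data', (chunk) => {
    raw += chunk;
    if (raw.length > MAX_BODY) req.destroy(); // coarse cap: drop oversized uploads
  });
  req.on('end', async () => {
    const plan = planUpstream(req.method, req.url, raw);
    if (plan.status) { res.writeHead(plan.status); return res.end(); }
    try {
      const up = await fetch(plan.url, plan.init);
      res.writeHead(up.status, { 'Content-Type': 'application/json' });
      res.end(await up.text());
    } catch (e) {
      res.writeHead(502); // backend unreachable
      res.end();
    }
  });
}
```

With this in place the page's `$.ajax` calls would target `/api/data` on the front-end origin, and the backend only needs to accept connections from the front-end server.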
