asked on How to protect your own Web Service call?
I need to call a Web Method on an API I am using, and will locate this call to the API, on the server side, so that the API keys can be hidden. But, I still need to make A call from the client, and could make a wrapper function which implements my own security, then calls to the API securely.
Since I will have control of both ends of my call, the Javascript client and my wrapper Web Method, what are my options?
I will not have the ability to lock down access to my HTML page, since my HTML/Javascript will be part of a larger page.
Thoughts?
Since I will have control of both ends of my call, the Javascript client and my wrapper Web Method, what are my options?
I will not have the ability to lock down access to my HTML page, since my HTML/Javascript will be part of a larger page.
Thoughts?
Web DevelopmentASP.NETJavaScriptPHPSecurity
Last Comment
Julian Hansen
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I guess that is the heart of the question, HTTPS.
So long as I have the SSL certificate for that domain where my webpage is hosted, HTTPS will encrypt the conversation, and not need credentials or keys, because no other webpage can make that call to my webservice. This is why no keys or password are needed for a webservice I host at my domain, the same domain as where the HTML/JS file is hosted.
True?
So long as I have the SSL certificate for that domain where my webpage is hosted, HTTPS will encrypt the conversation, and not need credentials or keys, because no other webpage can make that call to my webservice. This is why no keys or password are needed for a webservice I host at my domain, the same domain as where the HTML/JS file is hosted.
True?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I mean it is a common construction to work with a middle tier, imagine all databases applications will do that. The end user coomunicates to a web service and the webservice controls access to lower shells. The only point you have to take into account is, where the middel tier is executed, as java is (usually) a client executed language while others like php or aspx or executed on the server. So you have to make sure that your java codes (at leas the middle tier) runs on the server to be invisible by the client.