1

When we want to post some data to a php page via ajax , any one can see the URL and also the values being post.

It can be very dangerous, is there any way to secure this? Can I hide the URL or any way to encode the URL so users can't see it and access it ?

This is a sample code, as you can see, the URL can data are expose in the source and also on inspectors like Firebug.

function reg_user(id){
$(document).ready(function() { 
$.ajax({
   type: "POST",
   url: "reg_user.php",
   data: "id="+id,
   success: function(msg){
        str=$.trim(msg)
        if (str=='ok'){

        }
  }
   })   
})
};

thanks

GibboK
  • 71,848
  • 143
  • 435
  • 658
mohsen
  • 451
  • 2
  • 6
  • 15

3 Answers3

1

no way.all of the url you navigated would be caught by browser's development toolbar or net capture tool,such as wireshark.

Ajax is the a tool that make the javascript have the ability to sending http request,but javascript has no ability to encrypt http message.When call ajax function, it mean tell the browser to send a http request now.

Even though javascript has the ability to encrypt http message, you need write the encrypt key in you javascript code.

I have make a mistake, total http message are encrypted in https, both headers and request body,but this function is supplied by browser.If you use ajax in https website,javascript tell browser to send https request,and the browser in charge of encrypt the sending message.

yunnysunny
  • 183
  • 1
  • 15
0

No, a user will always be able to figure out what calls you are making via dev tools or some network monitoring tool. You may compress and minify the JavaScript, but a developer will always be able to find your URL calls.

Agree with @JosephtheDreamer comment: Every thing on client side will be visible just Secure your server side.

Similar question;

How to hide details in jquery ajax from browser page source

Good luck

Community
  • 1
  • 1
Aamir Shahzad
  • 6,683
  • 8
  • 47
  • 70
0

You should secure your server and the connection between you client and server application.

You can use HTTPS for communication, data passed in your header using POST will be encrypted using HTTPS automatically.

In order to hide you API URL you could consider using a proxy server, so you client application will call the proxy server, and the proxy server you real API. In this way only the URL to the proxy server is visible when inspecting the request from your client.

GibboK
  • 71,848
  • 143
  • 435
  • 658