5

I am using jQuery for all my Ajax things; I don't know if that is fine, but I use it for now.
I have one text input; when the user types characters in it, I call the server side, get some values and add them to the view.
The code that I use below works fine, but I want to improve it a little.
How can I make this Ajax call so that users who want to investigate my page source code can't see what I call here?
So basically I want to hide from the page source what URL, what type and what data I send here. Is it possible?

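    $(function () {
        // Query the server on each keystroke in the search box.
        $("#txtSearch").keyup(function (evt) {
            $.ajax({
                url: "/Prethors/Users/SearchUsers",
                type: "POST",
                // Pass an object so jQuery URL-encodes the typed value.
                data: { text: this.value },
                success: function (result) {
                    // The response is inserted as HTML, so the server must return it already escaped.
                    $("#searchResult").prepend("<p>" + result + "</p>");
                }
            });
        });
    });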
1110

4 Answers

4

No, a user will always be able to figure out what calls you are making if you include it in javascript.

You can compress and minify the javascript, but a determined person will always be able to find your url calls.

Here's a js compression site, for example. http://jscompress.com/

Michael Dillon
  • Hmm, so you want to say that I can see what method Facebook people search is sent? I can't find it on the FB page; is it possible that they hide it somehow? – 1110 Dec 08 '11 at 21:18
  • All they are doing is disguising the call somehow. Check firebug or the chrome console, you will see every web call made as a resource request. – Michael Dillon Dec 08 '11 at 21:21
4

Overall, you shouldn't worry about this. There is no way I'm aware of to hide your ajax calls, but you shouldn't need to.

- You could encrypt the info.
- You could use comet to stream the data on a persistent connection (super complicated).
- Follow good server security practices and not worry about it.

source: here

If you are really worried about this, you could set up kind of an anonymous URL, which will then redirect to where you really want to go based on some variable which is arbitrary.

For example, instead of going to "/Prethors/Users/SearchUsers", go to "/AnonymousCall?code=5", from which you could execute the code you want for SearchUsers.

Evan
3

You can't hide client-side code. You can disguise it with minification but sensitive data should always be stored and processed on the server-side.

Terry
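What processing on the server side can look like for the `SearchUsers` call, as an added example that is not part of the original answers: the handler treats every request as untrusted, so it does not matter that the URL and parameters are visible in the page source. The function name, session shape, user records and length limit are assumptions, as is the requirement that the search is restricted to signed-in users.

```javascript
// Added example with hypothetical names; not code from the question or answers.
// Constructed sample data; a real application would query its user store.
const USERS = [
  { id: 1, name: "Alice <admin>", email: "alice@example.test", passwordHash: "x" },
  { id: 2, name: "Alan", email: "alan@example.test", passwordHash: "y" },
  { id: 3, name: "Bob", email: "bob@example.test", passwordHash: "z" },
];

const MAX_QUERY_LENGTH = 50; // assumed limit for a search box

// Escape text for HTML, because the question's client prepends the response as markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// session: server-side session object or null; body: parsed POST fields from the client.
function searchUsers(session, body) {
  // 1. Authorization is enforced here, not by hiding or disguising the URL.
  if (!session || !session.userId) return { status: 401, body: "" };

  // 2. Validate the input: it may come from any HTTP client, not only the page's script.
  const text = body && typeof body.text === "string" ? body.text.trim() : "";
  if (text.length === 0 || text.length > MAX_QUERY_LENGTH) return { status: 400, body: "" };

  // 3. Return only the field the caller may see (never email or passwordHash), escaped.
  const needle = text.toLowerCase();
  const names = USERS
    .filter(u => u.name.toLowerCase().startsWith(needle))
    .map(u => escapeHtml(u.name));
  return { status: 200, body: names.join(", ") };
}
```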
1

Use console.clear(); after your ajax calls :P It just clears the reqs from the console but you still cannot hide client side calls.

abhilashv