如何隐藏用户的jquery ajax代码 [英] How to hide jquery ajax code from users

查看:89
本文介绍了如何隐藏用户的jquery ajax代码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有这个项目(C#ASP.NET Web Forms& Web Services),我正在加载&使用jquery ajax绑定搜索结果。它工作得很好而且非常快。



但是我担心的唯一与安全相关的问题是ajax javascript代码对于所有用户都是可见的开发工具。



I have this project (C# ASP.NET Web Forms & Web Services) in which I am loading & binding search results using jquery ajax. It is working fine and it's very fast.

But the only security-related problem that I am worried about is that the ajax javascript code is visible to all users in the dev tools.

function loadEventNotification(refEventID, sequence, listActiveType, filterType) {
    try {
        var param = 'RefEventId : ' + JSON.stringify(refEventID) + ' , Sequence : ' + JSON.stringify(sequence) + ' , ListActiveType : ' + JSON.stringify(listActiveType) + ' , FilterType : ' + JSON.stringify(filterType);
        var notifID = 0;

        $.ajax({
            type: "POST",
            url: "../Services/CMEventDataService.asmx" + "/" + "CM_LoadEventNotificationWS",
            data: "{" + param + "}",
            contentType: "application/json; charset=utf-8",
            dataType: "json",
            success: function (response) {
                var total = 0;
                if (response.d == 'NOAUTH') {
                    message = 'Error : Your are not authorised to access this service';
                }
                else if (response.d == 'ERROR') {
                    message = 'Error : Unable to find records';
                }
                else if (response.d != '') {
                    var list = eval(response.d.replace(/\\/g, "\\\\"));
                    total = list.length;

                    var notif = '';
                    $.each(list, function (k, v) {
                        //Some Html stuff gos here
                    });
                    $(document).find('#cdsn-items').html(notif);
                }
                else {
                    message = 'No matching records found';
                }
            },
            error: function (response) {
                message = 'Error : Unable to load records';
            },
            timeout: 120000
        });
    } catch (err) {
        console.log(err.message);
    }
}





无论如何我可以向用户隐藏此代码吗?



一旦某人能够看到js ajax代码,他们就会获取Web服务的URL。我确保无法从其他域调用Web服务(NOAUTH错误)



但是,代码在开发工具中公开



有什么建议吗?高度赞赏



我尝试过的事情:



我试图寻找方法调用服务器端代码,但到目前为止没有帮助



Can I in anyway hide this code from the users?

Once somebody is able to see the js ajax code then they will pick up the URL of the Web Service. I have made sure that the web service cannot be called from other domains (NOAUTH error)

But still, the code is exposed in dev tools

Any suggestions? Highly Appreciated

What I have tried:

I tried finding ways of calling a server-side code but so far no help

推荐答案

.ajax({
type:POST,
url: ../Services/CMEventDataService.asmx+/+CM_LoadEventNotificationWS,
data:{+ param +},
contentType:application / json; charset = utf-8 ,
dataType:json,
成功:函数(响应){
var total = 0;
if(response.d =='NOAUTH'){
message ='错误:您无权访问此服务';
}
else if(response.d =='ERROR'){
message ='错误:无法查找记录';
}
else if(response.d!=''){
var list = eval( response.d.replace(/ \\ / g,\\\\));
total = list.length;

var notif ='';
.ajax({ type: "POST", url: "../Services/CMEventDataService.asmx" + "/" + "CM_LoadEventNotificationWS", data: "{" + param + "}", contentType: "application/json; charset=utf-8", dataType: "json", success: function (response) { var total = 0; if (response.d == 'NOAUTH') { message = 'Error : Your are not authorised to access this service'; } else if (response.d == 'ERROR') { message = 'Error : Unable to find records'; } else if (response.d != '') { var list = eval(response.d.replace(/\\/g, "\\\\")); total = list.length; var notif = '';


.each(list,function(k,v){
//这里的一些Html东西gos
});
.each(list, function (k, v) { //Some Html stuff gos here });


(document).find('#cdsn-items')。html(notif);
}
else {
message ='找不到匹配的记录';
}
},
错误:函数(响应){
message ='错误:无法加载记录';
},
超时:120000
});
} catch(错误){
console.log(err.message);
}
}
(document).find('#cdsn-items').html(notif); } else { message = 'No matching records found'; } }, error: function (response) { message = 'Error : Unable to load records'; }, timeout: 120000 }); } catch (err) { console.log(err.message); } }





无论如何我可以向用户隐藏此代码吗?



一旦某人能够看到js ajax代码,他们就会获取Web服务的URL。我确保无法从其他域调用Web服务(NOAUTH错误)



但是,代码在开发工具中公开



有什么建议吗?高度赞赏



我尝试过的事情:



我试图寻找方法调用服务器端代码,但到目前为止没有帮助



Can I in anyway hide this code from the users?

Once somebody is able to see the js ajax code then they will pick up the URL of the Web Service. I have made sure that the web service cannot be called from other domains (NOAUTH error)

But still, the code is exposed in dev tools

Any suggestions? Highly Appreciated

What I have tried:

I tried finding ways of calling a server-side code but so far no help


这篇关于如何隐藏用户的jquery ajax代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆