Secure an AJAX request
Posted: Thu Nov 12, 2020 6:00 pm
Hello,
This is how I secure an AJAX request. I am interested in your opinions.
Instead of sessions or cookies, we write into the server's memory.
---------------------------------------------------------------------------------------------------
On program start we write a UUID key into the memory of the server.
function Main()
   cUUID := GenerateUUID()          // implicit private: visible to the functions Main() calls
   hb_SetEnv( "pwd", cUUID )        // memory write: the key lives only in the server process
---------------------------------------------------------------------------------------------------
On AJAX request we send a string - encrypted with cUUID - containing Seconds().
code = {{hb_jsonencode(encrypedtime())}};   // token rendered server-side into the page
ogrid = $('#example').DataTable({
   "ajax": {
      "url": "landingpage.prg",
      "type": "POST",
      data: { username: matchcode, password: code, action: cAction }
   }
});
---------------------------------------------------------------------------------------------------
function encrypedtime()
   local cVar := Crypt( AllTrim( Str( Seconds() ) ), cUUID )   // cUUID: the key set in Main()
   cVar := hb_Base64Encode( cVar )
   logging( "HB_BASE64ENCODE " + cVar )
return cVar
---------------------------------------------------------------------------------------------------
Inside the AJAX call we decrypt and check the time against the time passed. If there is more than a 2 sec difference, we answer with an error message.
function main()
   ..
   local hPairs := AP_PostPairs()
   local cUUID := hb_GetEnv( "pwd" )
   local code, nSecsLapsed
   code := hb_UrlDecode( hPairs[ "password" ] )
   code := hb_Base64Decode( code )
   logging( "HB_BASE64DECODE " + code )
   code := Crypt( code, cUUID )              // same key: symmetric Crypt() undoes the encryption
   nSecsLapsed := Seconds() - Val( code )
   logging( "Seconds " + Str( nSecsLapsed ) )
Though it's not 100%, it will stop most.
What do you mean?
Best regards,
Otto