Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

  • slallouani
    started a topic Hiding POST Data Information from browser

    Hiding POST Data Information from browser

    Hello all,

    I am working on a project which is using smart client framework on front end and we actually having a security issue,

    We are using a generic PHP page to handle calls between client side and database,

    The problem is when we POST data to the PHP file, all the data are exposed to the client so they can easily understand how it works manipulate data and post,

    My customer want to remove the SmartClient framework because of this but I am sure there is another way to communicate with a MySQL database without exposing the POST data to the user,

    I read the documentation but didn't find anything, is there any way to fix my problem without having to change the whole application?

    My client actually have a license with you guy's I can provide it if needed,

    This is the syntax we are using in each asc.RestDataSource.Create controller:

    Code:
    operationBindings: [{
    operationType: "fetch",
    dataProtocol: "postXML"
    },
    {
    operationType: "add",
    dataProtocol: "postParams"
    },
    {
    operationType: "remove",
    dataProtocol: "getParams"
    },
    {
    operationType: "update",
    dataProtocol: "postParams"
    }
    ],
    disableQueuing: true, 
    
    fetchDataURL: "data/db.php",
    addDataURL: "data/db.php",
    updateDataURL: "data/db.php",
    removeDataURL: "data/db.php"
    });
    Thanks for your help,
    Attached Files

  • Isomorphic
    replied
    Whether you use a framework or just plain HTML forms, data entered by users is POST'd to the server, and this is not a security issue.

    Bear in mind that as you read this, extremely security conscious organizations such as banks and defense contractors are using SmartClient to POST sensitive data to servers in just the way you describe.

    Please do let us know if you believe you have discovered an actual security issue - but when doing so, include details of specifically how it could be exploited by an attacker.

    Leave a comment:

Working...
X