How to secure CWP when working with Javascript and AJAX?


This topic is 4610 days old. Please don't post here. Open a new topic instead.

Hello, everyone.

So, recently I've been doing a fair bit of work on some custom web publishing for my company. Now I've gotten to the point where I no longer want to use my default test account that automatically logs in (hard coded username and password in my PHP files (no, this is not live yet)). I would like to start working on a login page, but I'm not sure where to start with my solution.

Here's the problem. My CWP often uses AJAX to perform the calls to FM Server. As such, the PHP file that actually connects to the server is never located on the client devices. I need the clients to be able to log in (to verify they have access to our system), then be able to send those credentials many times per day to the AJAX file so it can log in as them and perform the command. However, I don't even know where to start to do this.

I definitely don't want to store and send their passwords in plain text. This would technically work, but why would anyone do that? So I need to encrypt them somehow, and it needs to be done in a way that the AJAX file can then decrypt them in order to get the credentials. But my problem with this is that the encrypted password basically just becomes the user's password. Now if someone gets the encrypted password, they could just as easily send it to the AJAX file, where it's decrypted and run as normal.

So apparently I have to do something with the password on-the-fly to prevent this? But what? I'm at a complete loss for how to do this sort of thing. Do we have any security experts here that might be willing to give me some insight? Is there a big (or little) PDF that's already explained all of this and I've just overlooked it? Is Obi-wan Kenobi my only hope?

Thank you in advance for any help on this.
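
The concern raised in the post above, that an encrypted password sent with every request is itself a replayable password, is commonly handled by keeping the credentials on the server and handing the browser only a random, expiring token. The sketch below is an added example, not part of the original post; `TokenSessions`, `$checkLogin` and the sample credentials are hypothetical, and the in-memory array stands in for server-side session storage.

```php
<?php
// Added example: class, callback and credentials are hypothetical.
final class TokenSessions
{
    private array $sessions = [];   // stands in for server-side session storage

    public function __construct(private int $ttlSeconds = 900) {}

    // Verify the credentials once, keep them server-side, return an opaque token.
    public function login(string $user, string $pass, callable $checkLogin, int $now): ?string
    {
        if (!$checkLogin($user, $pass)) {
            return null;
        }
        $token = bin2hex(random_bytes(32));           // 256 random bits, unrelated to the password
        $this->sessions[hash('sha256', $token)] = [   // index by a hash of the token, not the token
            'user' => $user, 'pass' => $pass, 'expires' => $now + $this->ttlSeconds,
        ];
        return $token;
    }

    // Called by the AJAX endpoint on every request: token in, credentials (or null) out.
    public function resolve(string $token, int $now): ?array
    {
        $key = hash('sha256', $token);
        $s = $this->sessions[$key] ?? null;
        if ($s === null || $now >= $s['expires']) {
            unset($this->sessions[$key]);             // unknown or expired: reject and forget
            return null;
        }
        $this->sessions[$key]['expires'] = $now + $this->ttlSeconds;  // sliding idle timeout
        return ['user' => $s['user'], 'pass' => $s['pass']];
    }

    public function logout(string $token): void
    {
        unset($this->sessions[hash('sha256', $token)]);   // revocation takes effect immediately
    }
}

// Constructed demo data; $checkLogin stands in for a real login attempt against the database.
$checkLogin = fn(string $u, string $p): bool => $u === 'alice' && $p === 'example-password';
$store = new TokenSessions(900);
$t0 = 1_700_000_000;
$token = $store->login('alice', 'example-password', $checkLogin, $t0);
var_dump($store->resolve($token, $t0 + 60) !== null);   // request one minute after login
var_dump($store->resolve($token, $t0 + 60 + 901));      // request after the idle timeout
$store->logout($token);
var_dump($store->resolve($token, $t0 + 61));            // request after logout
```

The token is still a bearer secret, so it needs TLS and a `Secure`, `HttpOnly` cookie in transit; unlike the password, it expires, can be revoked, and reveals nothing reusable elsewhere.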
