Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am having service oriented application where there alot of wcf services being called from javascript , is there a way that I can encrypt or do anything regarding the service url inside the js file? I mean someone can take the url and make millions of request for the service and get the server down.
The browser must be able to read the URL to make the call; that means at some point it will be available in plaintext and thus available to a malicious user in plaintext.
Two things to note here:
First, there should NEVER be any sensitive information in javascript code. That means passwords, encryption keys, or any information that could remotely be used to do something the user is not authorized to do. Minification/Packing only makes the code harder to read, but will not stop a determined attacker. All the authentication and security must be done on the server side, which is the side you can control.
Second, if your service security relies on the URL not being known, you don’t have security at all. You can use WCF throttling to try to prevent DOS attacks. A firewall should also help stop this kind of attack by dropping the packets before they even reach the service.