Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I need to send an ajax POST request to my server.
I’ll need to make sure that the request originated from the script itself, and not from a user writing the request him/her self.
Is there any secure way to do this? Can the script sign or encode the POST request, later to be decrypted by the server’s private key? and can I somehow prevent the user from encrypting using my public key?
I’m not doing this just for filtering purposes – so plain old server-side validation just won’t do.
The other answers are correct: this is fundamentally impossible. Probably the best you can do from a pragmatic point of view is to look into really nasty ways to obfuscate your JavaScript to discourage people who might try to look at it, but you can be assured that someone motivated can work around this without too much effort. http://en.wikipedia.org/wiki/Obfuscated_code