2

I am working on an ASP.NET MVC web application. On the view I wrote the following JavaScript, which calls an external web service:

<script type="text/javascript">
$(function() {
  $.getJSON("https://MyERPsystem.com/jw/web/json/hr/getsalary/byid?master_username=superadmin&password_hash=9449B5ABCFA9AFDA36B801351ED3DF66&employeeid=A200121",
    {
      // code goes here
    },
    function(data) {
      $.each(data.items, function(i, item) {
        // code goes here
      });
    });
});
</script>

So if the external web service implements HTTPS, does this mean that the master_username and password_hash inside the JavaScript cannot be seen by external users? Best Regards

3 Answers

6

HTTPS secures everything from when it leaves the browser until it enters the server.

The data is protected in transit so external users cannot access it.

It will not protect the data from people who control the browser, i.e. the rightful user and anyone who has compromised the user's system.

Quentin
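
The point of the answer above, as an added example that is not part of the original thread: a Node.js check that scans the markup a view sends to the browser and reports credential-like query parameters in embedded URLs, whether or not the request itself uses HTTPS. The sample view, the host `erp.example`, the placeholder values and the parameter-name heuristic are assumptions constructed for illustration.

```javascript
// Added example (not from the original thread): list credential-like query
// parameters found in URLs inside markup that a view sends to the browser.
// Heuristic name list (an assumption); extend it for your own parameter naming.
const SENSITIVE_NAME = /pass|pwd|secret|token|api_?key|user/i;

function findEmbeddedCredentials(pageSource) {
  const findings = [];
  // Any absolute http(s) URL appearing in script text or attributes.
  const urlPattern = /https?:\/\/[^\s"'<>`]+/g;
  for (const match of pageSource.matchAll(urlPattern)) {
    // Attribute values may carry HTML-encoded ampersands.
    const raw = match[0].replace(/&amp;/g, "&");
    let url;
    try {
      url = new URL(raw);
    } catch (err) {
      continue; // not a parseable URL, skip it
    }
    for (const [name, value] of url.searchParams) {
      if (SENSITIVE_NAME.test(name) && value !== "") {
        findings.push({
          endpoint: url.origin + url.pathname,
          param: name,
          // Readable in the page source whether or not the request uses TLS.
          transportEncrypted: url.protocol === "https:",
          valueLength: value.length, // report length only, never echo the secret
        });
      }
    }
  }
  return findings;
}

// Constructed sample view output; host and values are placeholders.
const sampleView = `
<script type="text/javascript">
$(function() {
  $.getJSON("https://erp.example/jw/web/json/hr/getsalary/byid?master_username=PLACEHOLDER_USER&password_hash=PLACEHOLDER_HASH&employeeid=A000000",
    {}, function(data) { /* render */ });
});
</script>`;

console.log(findEmbeddedCredentials(sampleView));
```

Run it over rendered view output in a build or review step; any finding with `transportEncrypted: true` is still a value that every user who loads the page can read.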
0

Using HTTPS means attacks like MITM can't be achieved (at least not that easily). Anyway, keep in mind that the data that ends up on the client side can still be accessed from the machine itself.

alexandernst
0

I thought that only the internals of the HTTP request are encrypted. The actual URL and query string information are not. Probably worth double-checking though. Try using something like Fiddler or Wireshark to inspect the HTTP request internals.

Kevin Up