1

I need to call a web service from my client side JavaScript code (which will run as a web page is loading). I understand there are libraries for doing this like this one, or I can just use straightup jQuery as described here.

But one concern I had was authentication. I need to send the webservice a username/password or a authorization header as described here. Now if this will not come from the user, it seems that it needs to be stored somewhere on the browser side code in order for it to be sent when that code runs (client side).

Won't this then be in the clear for all to see just by doing a view source on my page? If so, how can I prevent this?

Community
  • 1
  • 1
AbuMariam
  • 2,582
  • 7
  • 34
  • 64

1 Answers1

1

Well you can encode the user name and password so if someone sees the view source of the web page it will show the encoded credentials.

To encode/decode the credentials you can use the atob and btoa Javascript functions. They are present in the JavaScript implementation of most browsers. See this link: https://developer.mozilla.org/en/docs/Web/API/WindowBase64/Base64_encoding_and_decoding

When sending the credentials to the server you can decode the data before sending the credentials.

To ensure that the credentials are not read during transmission, they should not be sent in plain text. HTTPS can be used to secure the web service requests.

Nadir Latif
  • 3,223
  • 1
  • 13
  • 22