#1 2022-10-28 07:55:25

htits2008
Member
Registered: 2015-03-25
Posts: 31

How to prevent intermediaries from repeatedly obtaining server data?

Today I found a problem. In the JS client, after logging in to the server, I execute the remote service to get the data. When I use F12 to debug the page, the URL of the last data retrieval is displayed in the Network tab. If I copy this URL, I can open it in other browsers or on other computers and get the data. Is this a disguised way to skip security verification? After I log out, the above URL is no longer valid. I wonder if there are properties on the server side that can be used for time comparison between the two ends? Or can the session_signature be used only once on the server side? My usage environment is Windows, M2

http://127.0.0.1:19217/orp/orp_FTS.whereQuery?aTypeTable=orp_rs_dzwj&aWhere=%20where%20NianDu%3D%221989%22&aPage=1&aPageLine=30&session_signature=000f52f8001d8f15d8a3c4db


#2 2022-10-28 09:44:56

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206

Re: How to prevent intermediaries from repeatedly obtaining server data?

This is as expected, and required, since the browser could need a new connection on the next call.

Two pieces of advice:
1) always use TLS, i.e. https://, if you can
2) use a POST instead of a GET.

