Secure Ajax with Flash

开发者 https://www.devze.com 2023-02-11 00:28 Source: Internet
In order to secure Ajax requests, Ran Bar-Zik suggested to "create a small flash file to receive the data, SALT it and encrypt it with MD5. Then send it to the server. The attacker is able to see the data but it is encrypted." Would anybody who has done this want to share the code with the world? Thanks :-)


Mr Ran Bar-Zik is mistaken. The security system he has proposed violates CWE-602 and is "(in)security through obscurity".

In short the problem is that the server is providing data to a client side application. The client can do whatever he pleases. He can modify the JavaScript code or intercept and modify all communications using TamperData or Burp Proxy. A flash application can be decompiled and any secrets stored in memory can be obtained with a debugger like OllyDbg. There is no solution to this problem.
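The CWE-602 point in the answer above, as an added example that is not part of the original question or answer: a server that accepts a request because a client-computed salted MD5 matches, next to a handler that takes nothing security-relevant from the client. The salt, price table, session store and function names are all constructed for illustration.

```python
import hashlib

# Constructed value. Anything shipped inside the SWF or script is readable
# by whoever runs the client, so this "salt" is not a secret.
CLIENT_EMBEDDED_SALT = b"constructed-salt"

# Constructed server-side state: the only data the hardened handler trusts.
PRICES = {"sku-1": 1999, "sku-2": 4999}            # cents
SESSIONS = {"session-a": {"user": "alice", "max_qty": 5}}


def client_digest(payload: bytes) -> str:
    """What the proposed Flash helper computes: MD5(salt + data)."""
    return hashlib.md5(CLIENT_EMBEDDED_SALT + payload).hexdigest()


def weak_server_accepts(payload: bytes, digest: str) -> bool:
    """CWE-602 pattern: a matching client digest is treated as proof."""
    return client_digest(payload) == digest


def hardened_order_total(session_id: str, sku: str, qty: int) -> int:
    """Takes no price or digest from the client; every check runs here."""
    session = SESSIONS.get(session_id)
    if session is None:
        raise PermissionError("unknown session")
    if sku not in PRICES:
        raise ValueError("unknown sku")
    if type(qty) is not int or not 1 <= qty <= session["max_qty"]:
        raise ValueError("quantity out of range")
    return PRICES[sku] * qty


if __name__ == "__main__":
    # A payload changed in the browser still verifies, because the client
    # computes the digest over whatever it ends up sending.
    edited = b"sku=sku-1&qty=2&price=1"
    print(weak_server_accepts(edited, client_digest(edited)))   # True
    print(hardened_order_total("session-a", "sku-1", 2))        # 3998
```

The hardened handler still needs TLS and real session authentication around it; the example only shows where the trust decision has to live.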
