Full Disclosure mailing list archives
Re: JavaScript exploits via source code disclosure
From: "Elazar Broad" <elazar () hushmail com>
Date: Thu, 06 May 2010 13:08:02 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Unless you wrap your service methods with some form of an authentication, your webservice's are just as public as any other "world" accessible part of your site. Are the pages calling these services behind any sort of authentication? On Thu, 06 May 2010 01:44:07 -0400 Ed Carp <erc () pobox com> wrote:
We've got a lot of JQuery code that calls back-end web services, and we're worried about exposing the web services to the outside world - anyone can "view source" and see exactly how we're calling our web services. Are there any suggestions or guidelines regarding protecting one's source from such disclosure? Thanks in advance! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wpwEAQECAAYFAkvi93MACgkQi04xwClgpZjfcgP/d0S5hyRlsAypsOue6A6HVLMpvTXT S3LyNJGpmoMcKAVRldWuIz5kP3dQ3BIHJEEdC1qKLwtSOEgAlxM/1XkMR7zhi4qJUzp0 a2LisyC8k2xgWIYSfmiqG//tDWzME4EeYHZiGo0iK0fDPLLSwnad9+aeEdRdNI2vmfIc N6eQJeo= =4zuK -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: JavaScript exploits via source code disclosure, (continued)
- Re: JavaScript exploits via source code disclosure Ed Carp (May 06)
- Re: JavaScript exploits via source code disclosure Valdis . Kletnieks (May 06)
- Re: JavaScript exploits via source code disclosure PsychoBilly (May 06)
- Re: JavaScript exploits via source code disclosure Marsh Ray (May 06)
- Re: JavaScript exploits via source code disclosure PsychoBilly (May 06)
- Re: JavaScript exploits via source code disclosure Marsh Ray (May 06)
- Re: JavaScript exploits via source code disclosure Christian Sciberras (May 06)
- Re: JavaScript exploits via source code disclosure Nick FitzGerald (May 06)
- Re: JavaScript exploits via source code disclosure Christian Sciberras (May 06)
- Re: JavaScript exploits via source code disclosure Ed Carp (May 06)
- Re: JavaScript exploits via source code disclosure T Biehn (May 06)