How to ensure only valid HTTP clients? RRS feed

  • Question

  • Hi,

    I know my questions here probably will take a turn outside the intended use of this forum, but I think this forum contains the right people to help me - or point me in the right direction if needed.

    I have a web service that must service Ajax clients. The physical JavaScript files that communicates with my web service is created and hosted by me. So the scenario is much like some embedded Google script or similar that many websites use.

    My trouble is: How can i ensure that the client request comes from a valid customer. I can't rely on stuff that can be spoofed (e.g. http-referer).

    Of course I have Googled this intensively but these discussions are old and raises even more questions for me than they hopefully someone will help me understand this here.



    Friday, June 14, 2013 7:27 AM


  • Certificates (501), Proxy Servers, Encryption (SSL, TLS).  Maybe the references on the web are old because these methods haven't changed.  The only thing that really has changed is a lot of the holes in the windows operating system have been fixed so the hackers don't have back-door access to a PC.  Many sites have stopped responding to hackers by ignoring multiple responses from same source.  More website are implimenting the encryption methods developed years ago.


    Friday, June 14, 2013 8:57 AM