What is the best security method for my javascript plugin

My plugin has the streams shown in the diagram below:

[Diagram: MyPlugin.js flows]

The requirement is to complete the onclick transaction after authentication. That is, only if the owner of the domain that contains page.html has registered on my website (for example, www.MyPluginJS.com/register) can he use MyPlugin.js.

My registration portal issues a Client ID after successful registration.

My question is:

  • What is the best approach I need to use to secure my onclick transaction?
  • What are the other options (e.g. an MD5 fingerprint) that I can use to require the transaction to be executed reliably?
  • Are there any existing frameworks (like OAuth) that I can use?

I need people who are not registered to be unable to use MyPlugin.js.

I have no security experience, but I can manage the code.

Thanks in advance :)

+6
source share
4 answers

You can serve the JS file using some server-side language and add a key/value pair to the request for the JS file, e.g. MyPlugin.js?key=someValue. Your script can compare the value with the values in the database table where you store authorized users.

HTH, Miguel

+1
source

Using jQuery, you can use the $.getScript(url) function to load the JavaScript file from the server side, avoiding the use of the <script> tag.

The idea is to specify a getScript function on the server side of the script that will first check your user session, and if the session is valid, it will return a downloadable javascript file to load or a void javascript file otherwise.

+1
source
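
Added example, not part of either answer above: one way to combine the key check from the first answer with the "void" (empty) script from the second, plus a server-side check on the onclick transaction itself. The function names, the sample client IDs and origins, and the assumption that the registration portal stores each registrant's origin next to the Client ID are all constructed for illustration.

```javascript
// Constructed sample registry: Client ID -> origin registered at the portal.
// In production this would be the database table of authorized users.
const REGISTERED = new Map([
  ["cid-1001", "https://shop.example"],
  ["cid-1002", "https://blog.example"],
]);

const PLUGIN_SOURCE = "window.MyPlugin={onclick:function(){/* plugin code */}};";
const EMPTY_SCRIPT = "/* MyPlugin: unknown client ID */";

// Decide what to return for GET /MyPlugin.js?key=<clientId>.
// An unknown or missing key gets an empty script instead of the plugin.
function servePlugin(requestUrl) {
  const url = new URL(requestUrl, "https://www.MyPluginJS.com");
  const key = url.searchParams.get("key");
  const known = key !== null && REGISTERED.has(key);
  return {
    status: 200,
    headers: {
      "Content-Type": "application/javascript",
      // The response depends on the key, so shared caches must not reuse it.
      "Cache-Control": "private, no-store",
    },
    body: known ? PLUGIN_SOURCE : EMPTY_SCRIPT,
  };
}

// Decide whether the onclick transaction may proceed.
// The Client ID is readable in the embedding page's source, so it identifies
// a registrant but is not a secret. The decision that matters is made here,
// on the server: the browser-supplied Origin header must match the origin
// registered for that Client ID. Clients that are not browsers can send any
// Origin value, so this limits use from other web pages only.
function authorizeTransaction(clientId, originHeader) {
  const registeredOrigin = REGISTERED.get(clientId);
  if (registeredOrigin === undefined) {
    return { allowed: false, reason: "unknown client ID" };
  }
  if (originHeader !== registeredOrigin) {
    return { allowed: false, reason: "origin not registered for this client ID" };
  }
  return { allowed: true, reason: "ok" };
}
```

Gating the script download only hides the file; the transaction endpoint has to repeat the check, because a copied MyPlugin.js can still call it.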

I saw how some people used the date / time on their web server to create a level of security similar to what @Michi mentions. However, I personally have not tried it.

+1
source

I think you should use a session created on the server side to ensure that the user is logged in. You can then check on the client side (for the convenience of the user) whether the session variable is set, and then check the session's role on the server (for security) to guard against users tampering with the client code.

You can then use AJAX to load the contents of the plugin page in an iframe. jQuery simplifies AJAX management.

So, the simple answer from me is to use server-side scripts and session variables for security, and jQuery and AJAX on the client side for user convenience.

+1
source

Source: https://habr.com/ru/post/903175/

