
1) My distributed JavaScript is placed on sites without any id references (in element attributes).

2) Once the script is fired via a site:

  • the HTTP Origin header is detected and verified on my server (checks domain == origin)
  • my server then issues an id from the database upon the match above, for the application logic

I understand the HTTP Origin header can be hacked, and then the id from the database has a security hole.

How do I protect my distributed JavaScript to prevent the id from being released to a hack?

Don't worry; browsers can't fake the Origin header. Given that, why a Python curl script would want your JS file is an open question... –  dandavis 1 hour ago
    
Hi @dandavis. The app logic tracks URLs. I want to prevent false counts. Makes sense? –  techtransferportal 1 hour ago
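
The "domain == origin" check described in the question, written as an exact match on a parsed origin rather than a substring test; this is an added example, not code from the question or its comments. The registry, ids and function names are constructed, and the check only constrains requests sent by browsers, since a non-browser client can send any Origin value.

```javascript
// Added example: strict server-side comparison of the Origin header with the
// domain registered for a site. All names and sample values are constructed.

// Hypothetical registry: registered site domain -> id held in the database.
const REGISTERED_SITES = new Map([
  ["shop.example.com", "site-001"],
  ["blog.example.org", "site-002"],
]);

// Parse an Origin header value into { scheme, host, port }, or return null if
// it is not a plain serialized origin (scheme://host[:port] and nothing else).
function parseOrigin(headerValue) {
  if (typeof headerValue !== "string" || headerValue === "" || headerValue === "null") {
    return null; // header missing, or the opaque "null" origin
  }
  let url;
  try {
    url = new URL(headerValue);
  } catch {
    return null; // not a URL at all
  }
  // A serialized origin carries no path, query, fragment, credentials or
  // default port, so it must round-trip unchanged through URL.origin.
  if (url.origin !== headerValue.toLowerCase()) return null;
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return { scheme: url.protocol.slice(0, -1), host: url.hostname, port: url.port };
}

// Return the id for a request, or null when the Origin does not exactly match
// a registered domain. Substring and suffix matches are never accepted.
function idForOrigin(headerValue, { requireHttps = true } = {}) {
  const origin = parseOrigin(headerValue);
  if (origin === null) return null;
  if (requireHttps && origin.scheme !== "https") return null;
  if (origin.port !== "") return null; // a non-default port is a different origin
  return REGISTERED_SITES.get(origin.host) ?? null;
}
```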
