[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20100506170803.F1A3911803D@smtp.hushmail.com>
Date: Thu, 06 May 2010 13:08:02 -0400
From: "Elazar Broad" <elazar@...hmail.com>
To: full-disclosure@...ts.grok.org.uk, erc@...ox.com
Subject: Re: JavaScript exploits via source code disclosure
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Unless you wrap your service methods with some form of an
authentication, your webservice's are just as public as any other
"world" accessible part of your site. Are the pages calling these
services behind any sort of authentication?
On Thu, 06 May 2010 01:44:07 -0400 Ed Carp <erc@...ox.com> wrote:
>We've got a lot of JQuery code that calls back-end web services,
>and
>we're worried about exposing the web services to the outside world
>-
>anyone can "view source" and see exactly how we're calling our web
>services.
>
>Are there any suggestions or guidelines regarding protecting one's
>source from such disclosure? Thanks in advance!
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0
wpwEAQECAAYFAkvi93MACgkQi04xwClgpZjfcgP/d0S5hyRlsAypsOue6A6HVLMpvTXT
S3LyNJGpmoMcKAVRldWuIz5kP3dQ3BIHJEEdC1qKLwtSOEgAlxM/1XkMR7zhi4qJUzp0
a2LisyC8k2xgWIYSfmiqG//tDWzME4EeYHZiGo0iK0fDPLLSwnad9+aeEdRdNI2vmfIc
N6eQJeo=
=4zuK
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists