We have quite a unique database, we have been putting it together for over 12 months and I wonder wha the common techniques and processes are to protect this data when using web services and AJAX.
We are using .NET 4.0, jQuery 1.6 and C# for web services.
I wonder what are the best techniques to protect your code and database from stealing data.
1. How do I make sure that database replies with records only to requests from our page?
- Is it possible to block requests from external JS and Ajax requests?
- Do we need to generate some session with hash with secret key, so only we know whether hash is valid
- we need to stop robots from going through all the
<select>in html filter combinations, we can't afford someone to develop robot which will automatically read all combinations and save results to database
2. What is the best way to minify and confuscate JS code, to make it as difficult as possible for others to decode?
Thank you.
- How do I make sure that database replies with records only to requests from our page?
Is it possible to block requests from external JS and Ajax requests?
Yes, look at the request referrer (Request.URLReferrer.Host.ToString). If it's not your page, don't accept the request.
Do we need to generate some session with hash with secret key, so only we know whether hash is valid
No harm in that. It's easier to use a cookie. No cookie = redirect to login page. The cookie value is a random key anyway.
we need to stop robots from going through all the in html filter combinations, we can't afford someone to develop robot which will automatically read all combinations and save results to database
Put this behind the login. This doesn't stop someone with a bot and a login though.
What is the best way to minify and confuscate JS code, to make it as difficult as possible for others to decode ?
There is no point in doing so. It all has to be decoded to execute, and the code to do that needs to be included with YOUR code.
In general: If you don't want people to steal it, don't put it on the WWW.
