How to use hwcrypto.js check persons use usb-token











up vote
1
down vote

favorite












I am currently developing a web based signing system use hwcrypto
When user plug usb-token device to computer then click button, it prompt select certificate and enter password:



window.hwcrypto.getCertificate({lang: lang, filter: filter})
.then(function(cert) {
window.hwcrypto.sign(cert, {type: hashtype, hex: hash}, {lang: lang})
.then(function(signature){
// call jquery ajax to do some important thing
$.ajax({
url: 'index.php?action=very_important_action',
dataType: 'html',
success: function(response) {
console.log(response);
});
});
});


It works, but i worry users call ajax function directly not use usb-token. How can I protect that?










share|improve this question


























    up vote
    1
    down vote

    favorite












    I am currently developing a web based signing system use hwcrypto
    When user plug usb-token device to computer then click button, it prompt select certificate and enter password:



    window.hwcrypto.getCertificate({lang: lang, filter: filter})
    .then(function(cert) {
    window.hwcrypto.sign(cert, {type: hashtype, hex: hash}, {lang: lang})
    .then(function(signature){
    // call jquery ajax to do some important thing
    $.ajax({
    url: 'index.php?action=very_important_action',
    dataType: 'html',
    success: function(response) {
    console.log(response);
    });
    });
    });


    It works, but i worry users call ajax function directly not use usb-token. How can I protect that?










    share|improve this question
























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I am currently developing a web based signing system use hwcrypto
      When user plug usb-token device to computer then click button, it prompt select certificate and enter password:



      window.hwcrypto.getCertificate({lang: lang, filter: filter})
      .then(function(cert) {
      window.hwcrypto.sign(cert, {type: hashtype, hex: hash}, {lang: lang})
      .then(function(signature){
      // call jquery ajax to do some important thing
      $.ajax({
      url: 'index.php?action=very_important_action',
      dataType: 'html',
      success: function(response) {
      console.log(response);
      });
      });
      });


      It works, but i worry users call ajax function directly not use usb-token. How can I protect that?










      share|improve this question













      I am currently developing a web based signing system use hwcrypto
      When user plug usb-token device to computer then click button, it prompt select certificate and enter password:



      window.hwcrypto.getCertificate({lang: lang, filter: filter})
      .then(function(cert) {
      window.hwcrypto.sign(cert, {type: hashtype, hex: hash}, {lang: lang})
      .then(function(signature){
      // call jquery ajax to do some important thing
      $.ajax({
      url: 'index.php?action=very_important_action',
      dataType: 'html',
      success: function(response) {
      console.log(response);
      });
      });
      });


      It works, but i worry users call ajax function directly not use usb-token. How can I protect that?







      javascript






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked yesterday









      Bùi văn Nguyện

      37717




      37717
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote













          I have a few approaches in mind, but it depends on your implementation -




          1. You can set the usb-token in your local storage, and the page that is being requested has the check that usb-token field should already be available in the local storage.

          2. You can check for every ajax request that is being made, by using $.ajax.beforeSend and check if you have usb-token available.

          3. You can send the token as a query parameter and check in the page that is being requested, that if the parameter containing the token exists or not.






          share|improve this answer





















            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














             

            draft saved


            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53372325%2fhow-to-use-hwcrypto-js-check-persons-use-usb-token%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            1
            down vote













            I have a few approaches in mind, but it depends on your implementation -




            1. You can set the usb-token in your local storage, and the page that is being requested has the check that usb-token field should already be available in the local storage.

            2. You can check for every ajax request that is being made, by using $.ajax.beforeSend and check if you have usb-token available.

            3. You can send the token as a query parameter and check in the page that is being requested, that if the parameter containing the token exists or not.






            share|improve this answer

























              up vote
              1
              down vote













              I have a few approaches in mind, but it depends on your implementation -




              1. You can set the usb-token in your local storage, and the page that is being requested has the check that usb-token field should already be available in the local storage.

              2. You can check for every ajax request that is being made, by using $.ajax.beforeSend and check if you have usb-token available.

              3. You can send the token as a query parameter and check in the page that is being requested, that if the parameter containing the token exists or not.






              share|improve this answer























                up vote
                1
                down vote










                up vote
                1
                down vote









                I have a few approaches in mind, but it depends on your implementation -




                1. You can set the usb-token in your local storage, and the page that is being requested has the check that usb-token field should already be available in the local storage.

                2. You can check for every ajax request that is being made, by using $.ajax.beforeSend and check if you have usb-token available.

                3. You can send the token as a query parameter and check in the page that is being requested, that if the parameter containing the token exists or not.






                share|improve this answer












                I have a few approaches in mind, but it depends on your implementation -




                1. You can set the usb-token in your local storage, and the page that is being requested has the check that usb-token field should already be available in the local storage.

                2. You can check for every ajax request that is being made, by using $.ajax.beforeSend and check if you have usb-token available.

                3. You can send the token as a query parameter and check in the page that is being requested, that if the parameter containing the token exists or not.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered yesterday









                Aseem Upadhyay

                1,056520




                1,056520






























                     

                    draft saved


                    draft discarded



















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53372325%2fhow-to-use-hwcrypto-js-check-persons-use-usb-token%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    'app-layout' is not a known element: how to share Component with different Modules

                    android studio warns about leanback feature tag usage required on manifest while using Unity exported app?

                    WPF add header to Image with URL pettitions [duplicate]