How to use hwcrypto.js check persons use usb-token

up vote
1
down vote

favorite

I am currently developing a web based signing system use hwcrypto
When user plug usb-token device to computer then click button, it prompt select certificate and enter password:

window.hwcrypto.getCertificate({lang: lang, filter: filter})

.then(function(cert) {

    window.hwcrypto.sign(cert, {type: hashtype, hex: hash}, {lang: lang})

    .then(function(signature){

        // call jquery ajax to do some important thing

        $.ajax({

            url: 'index.php?action=very_important_action',

            dataType: 'html',

            success: function(response) {

                console.log(response);

        });

    });

});

It works, but i worry users call ajax function directly not use usb-token. How can I protect that?

javascript

share|improve this question

asked yesterday

Bùi văn Nguyện

37717

add a comment | 

up vote
1
down vote

favorite

I am currently developing a web based signing system use hwcrypto
When user plug usb-token device to computer then click button, it prompt select certificate and enter password:

window.hwcrypto.getCertificate({lang: lang, filter: filter})

.then(function(cert) {

    window.hwcrypto.sign(cert, {type: hashtype, hex: hash}, {lang: lang})

    .then(function(signature){

        // call jquery ajax to do some important thing

        $.ajax({

            url: 'index.php?action=very_important_action',

            dataType: 'html',

            success: function(response) {

                console.log(response);

        });

    });

});

It works, but i worry users call ajax function directly not use usb-token. How can I protect that?

javascript

share|improve this question

asked yesterday

Bùi văn Nguyện

37717

add a comment | 

up vote
1
down vote

favorite

up vote
1
down vote

favorite

I am currently developing a web based signing system use hwcrypto
When user plug usb-token device to computer then click button, it prompt select certificate and enter password:

window.hwcrypto.getCertificate({lang: lang, filter: filter})

.then(function(cert) {

    window.hwcrypto.sign(cert, {type: hashtype, hex: hash}, {lang: lang})

    .then(function(signature){

        // call jquery ajax to do some important thing

        $.ajax({

            url: 'index.php?action=very_important_action',

            dataType: 'html',

            success: function(response) {

                console.log(response);

        });

    });

});

It works, but i worry users call ajax function directly not use usb-token. How can I protect that?

javascript

share|improve this question

asked yesterday

Bùi văn Nguyện

37717

I am currently developing a web based signing system use hwcrypto
When user plug usb-token device to computer then click button, it prompt select certificate and enter password:

window.hwcrypto.getCertificate({lang: lang, filter: filter})

.then(function(cert) {

    window.hwcrypto.sign(cert, {type: hashtype, hex: hash}, {lang: lang})

    .then(function(signature){

        // call jquery ajax to do some important thing

        $.ajax({

            url: 'index.php?action=very_important_action',

            dataType: 'html',

            success: function(response) {

                console.log(response);

        });

    });

});

It works, but i worry users call ajax function directly not use usb-token. How can I protect that?

javascript

javascript

share|improve this question

asked yesterday

Bùi văn Nguyện

37717

share|improve this question

asked yesterday

Bùi văn Nguyện

37717

share|improve this question

share|improve this question

asked yesterday

Bùi văn Nguyện

37717

asked yesterday

Bùi văn Nguyện

37717

asked yesterday

Bùi văn Nguyện

37717

37717

add a comment | 

add a comment | 

1 Answer
1

active

oldest

votes

up vote
1
down vote

I have a few approaches in mind, but it depends on your implementation -

1. You can set the usb-token in your local storage, and the page that is being requested has the check that usb-token field should already be available in the local storage.


2. You can check for every ajax request that is being made, by using $.ajax.beforeSend and check if you have usb-token available.


3. You can send the token as a query parameter and check in the page that is being requested, that if the parameter containing the token exists or not.

share|improve this answer

answered yesterday

Aseem Upadhyay

1,056520

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53372325%2fhow-to-use-hwcrypto-js-check-persons-use-usb-token%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
1
down vote

I have a few approaches in mind, but it depends on your implementation -

1. You can set the usb-token in your local storage, and the page that is being requested has the check that usb-token field should already be available in the local storage.


2. You can check for every ajax request that is being made, by using $.ajax.beforeSend and check if you have usb-token available.


3. You can send the token as a query parameter and check in the page that is being requested, that if the parameter containing the token exists or not.

share|improve this answer

answered yesterday

Aseem Upadhyay

1,056520

add a comment | 

up vote
1
down vote

I have a few approaches in mind, but it depends on your implementation -

1. You can set the usb-token in your local storage, and the page that is being requested has the check that usb-token field should already be available in the local storage.


2. You can check for every ajax request that is being made, by using $.ajax.beforeSend and check if you have usb-token available.


3. You can send the token as a query parameter and check in the page that is being requested, that if the parameter containing the token exists or not.

share|improve this answer

answered yesterday

Aseem Upadhyay

1,056520

add a comment | 

up vote
1
down vote

up vote
1
down vote

I have a few approaches in mind, but it depends on your implementation -

1. You can set the usb-token in your local storage, and the page that is being requested has the check that usb-token field should already be available in the local storage.


2. You can check for every ajax request that is being made, by using $.ajax.beforeSend and check if you have usb-token available.


3. You can send the token as a query parameter and check in the page that is being requested, that if the parameter containing the token exists or not.

share|improve this answer

answered yesterday

Aseem Upadhyay

1,056520

I have a few approaches in mind, but it depends on your implementation -

1. You can set the usb-token in your local storage, and the page that is being requested has the check that usb-token field should already be available in the local storage.


2. You can check for every ajax request that is being made, by using $.ajax.beforeSend and check if you have usb-token available.


3. You can send the token as a query parameter and check in the page that is being requested, that if the parameter containing the token exists or not.

share|improve this answer

answered yesterday

Aseem Upadhyay

1,056520

share|improve this answer

share|improve this answer

answered yesterday

Aseem Upadhyay

1,056520

answered yesterday

Aseem Upadhyay

1,056520

answered yesterday

Aseem Upadhyay

1,056520

1,056520

add a comment | 

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53372325%2fhow-to-use-hwcrypto-js-check-persons-use-usb-token%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Name

Name

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Name

Name

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

This page is only for reference, If you need detailed information, please check here