esme-dev mailing list archives

From "Hirsch, Richard" <>
Subject Token Problem in browser-based clients
Date Wed, 04 Feb 2009 07:17:06 GMT
Currently, the ESME login requires a token. This is no problem when
using Java, C#, etc. However, in clients that are based in the browser
(such as pure-JavaScript clients -
t), the token is visible in the HTML source code. Obviously, this isn't
very secure.

In the quest to use the long-polling features of the browser without
revealing the token, we've been exploring various alternatives. We've
tried logging in via Java, rewriting the JSESSIONID cookie to the
browser and then using this cookie in subsequent REST API calls. This
attempt failed inasmuch as ESME didn't accept the Java-based session
cookie for the JavaScript-based REST API calls.

Anyone have any other ideas to deal with this issue?

