Hide the destination URL

1

In the jQuery example the arguments are clearly identified: url and form parameters.

$.ajax({
  url: "test.html",
}).done(function() {
  // ...
});

I want to know if there is any way to hide the URL in AJAX, or to make the destination hard to identify, so that it cannot be copied and pasted into the browser.

I look at the JS of other sites and apparently it is pure JavaScript. Does this imply security in any way?

    
asked by anonymous 20.08.2014 / 07:27

3 answers

2

No, in fact there is no way to hide either the URL or the values.

Now, there are some measures that can be taken if need be, like:

  • Add a CORS restricted rule on your server

With this you can restrict the use of your API, or whatever it is, to specific domains.

Ex: You have a URL that registers the user; on the server you can configure it so that only the site www.meusite.com can access it, so another website will receive an error when trying to access it. (It is the browser that blocks this; a cURL request still works.)

  • Encrypt

Some more sensitive data can be encrypted so that it will not be useful to anyone who intercepts it. Ex: I want to send my user and password and I want to protect this data; I can do an MD5 and send it. There are also other alternatives such as bcrypt, etc.

I hope I have helped.

    
20.08.2014 / 17:14
2

Forget it! If you encrypt, someone can decrypt; if you obfuscate, someone can deobfuscate (is there such a word?).

If the problem is that the user accesses a page directly by its address, you should check in the request for this page whether the method used to call it is the expected one. For example, GET or POST.

    
20.08.2014 / 17:21
1

How do you decrypt an MD5 256 or a bcrypt-based comparison hash?

The possibility of course exists, but the cost of doing this is very high and it is very slow. In the case of bcrypt I can tell you that it is almost impossible, since the hash generated is always different and has to be compared through a slow algorithm.

As for deobfuscating, I did not technically understand how it would be done. How would I deobfuscate CORS in the browser?

The POST and GET methods do not change data security at all; the only difference is that GET sends the data in the query and POST in the HTTP payload.

In conclusion, no, do not forget it. Consider protecting your server with CORS and, for the sake of its users, use an encryption algorithm for sensitive data.

    
20.08.2014 / 19:27
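
The CORS rule and the request-method check discussed in the answers above, as an added example that is not part of the original thread: it shows server-side decision logic in which CORS only labels responses for browsers while authentication decides access. The names ALLOWED_ORIGINS, SESSIONS and handle(), the Bearer-token scheme and all sample requests are assumptions constructed for illustration.

```javascript
// Added example: per-request decision logic as a pure function (no network needed).
// ALLOWED_ORIGINS, SESSIONS and handle() are hypothetical names; the token is constructed.
const ALLOWED_ORIGINS = new Set(["https://www.meusite.com"]);
const SESSIONS = new Map([["constructed-token-123", "alice"]]);

function handle(req) {
  const headers = { Vary: "Origin" };
  const origin = req.headers.origin;
  const originAllowed = origin !== undefined && ALLOWED_ORIGINS.has(origin);

  // CORS only tells a browser whether script from `origin` may read the response.
  if (originAllowed) headers["Access-Control-Allow-Origin"] = origin;

  // Preflight sent by browsers before a cross-origin POST with custom headers.
  if (req.method === "OPTIONS") {
    if (!originAllowed) return { status: 403, headers };
    headers["Access-Control-Allow-Methods"] = "POST";
    headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type";
    return { status: 204, headers };
  }

  // Method check: anything other than the expected verb is refused.
  if (req.method !== "POST") {
    headers.Allow = "POST, OPTIONS";
    return { status: 405, headers };
  }

  // The actual gate. Non-browser clients can omit or set Origin freely,
  // so every request must prove who it is, whatever its Origin says.
  const match = /^Bearer (.+)$/.exec(req.headers.authorization || "");
  const user = match ? SESSIONS.get(match[1]) : undefined;
  if (user === undefined) return { status: 401, headers };

  return { status: 200, headers, body: { user } };
}

// Constructed requests: a browser on the allowed site, a script with no Origin,
// a preflight from another site, and a direct GET typed into the address bar.
const auth = "Bearer constructed-token-123";
const samples = {
  browser: handle({ method: "POST", headers: { origin: "https://www.meusite.com", authorization: auth } }),
  scriptNoAuth: handle({ method: "POST", headers: {} }),
  otherSite: handle({ method: "OPTIONS", headers: { origin: "https://other.example" } }),
  directGet: handle({ method: "GET", headers: {} }),
};
for (const [name, res] of Object.entries(samples)) console.log(name, res.status, res.headers);
```

The URL stays visible in every case; what changes the outcome is the credential check, which applies equally to browsers and to command-line clients.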