How to protect access tokens in a Web application?

1

I have an application in AWS and to access it I need to pass an access token and an SSID. To access the AWS application I have a site , however the keys are written in the HTML code, and anyone accessing the source of the site can see the keys.

I would like to know how to hide these keys.

    
asked by anonymous 04.05.2016 / 13:41

1 answer

0

The "javascript" tag indicates that you should be making an AJAX request for your application.

In this case, you can not hide the data.

What you can is create an endpoint on your site to be the go-between. The page makes a non-token request for the site, and the site server submits the request to AWS. So the secret data stays on the server only.

    
05.05.2016 / 01:02