I have to pass an authentication token from my website to my iframe in a secure way. My iframe is located on the same domain as my website.
Is it secure to pass the auth token as a parameter to the iframe's src property? I mean:
<iframe src={"/purse/index.html?auth_token=" + token} />
UPDATE: By secure I mean that no one except the current (signed-in) user has a chance to access the token.
P.S. In your answer, please also describe the way auth_token could be stolen with my approach.
Technically an auth_token does not provide security, it provides identity. Security would be provided by your encryption and authentication system, usually SSL with some form of login. The auth_token is usually set after authentication and passed over an SSL encrypted connection back to the user. Based on the 'src' in the provided snippet, it appears to be to the same application space - no host info that would suggest a different host. If SSL is still being used to encrypt the connection, then there should not be a concern with anyone else 'seeing' that user's auth_token.
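An added example, not part of the original question or answer: TLS protects the URL in transit, but a query-string token is still part of the URL and is stored wherever URLs are recorded (browser history, server access logs, `Referer` headers), so this sketch hands the token to the same-origin iframe with `postMessage` instead. The function names and the `https://example.com` origin are assumptions made for illustration.

```javascript
// Added example: names below are hypothetical, not from the original page.

// Parent page: send the token to the iframe, restricted to our own origin.
// Passing an explicit target origin (never "*") means the browser drops the
// message if the frame has navigated somewhere else.
function sendTokenToFrame(frameWindow, token, ownOrigin) {
  frameWindow.postMessage({ type: "auth_token", token }, ownOrigin);
}

// Iframe page: accept a token only if the message comes from the expected
// origin AND from the expected window (the parent), and has the right shape.
function acceptTokenMessage(event, expectedOrigin, expectedSource) {
  if (event.origin !== expectedOrigin) return null;
  if (event.source !== expectedSource) return null;
  const data = event.data;
  if (!data || data.type !== "auth_token" || typeof data.token !== "string") {
    return null;
  }
  return data.token;
}

// Audit helper: flags the pattern from the question, a token in the URL.
function urlCarriesToken(url, base) {
  return new URL(url, base).searchParams.has("auth_token");
}

// Browser wiring for the iframe side; skipped when there is no DOM.
// Parent side would be:
//   frame.addEventListener("load", () =>
//     sendTokenToFrame(frame.contentWindow, token, window.location.origin));
if (typeof window !== "undefined" && window.parent !== window) {
  window.addEventListener("message", (event) => {
    const token = acceptTokenMessage(event, window.location.origin, window.parent);
    if (token !== null) {
      // Keep the token in memory only; do not write it back into the URL.
      window.__purseToken = token;
    }
  });
}
```

With this approach the iframe `src` stays `/purse/index.html` with no token in it.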