
Hi everyone, so I'm developing a website. This website will have modules in the HTML design like ReactJS (RiotJS), and these modules will get their information through AJAX. Some of this information will be public and some will be private, and I will also make GET, PUT... requests, so you will need permissions. Right now I am thinking of authentication by cookies sent in the AJAX request for private things, but the thing is that, for the public information, hackers could use this kind of API to make clones of the website database... Yeah, only the public data, but it is too easy to access it...

 

So... what would you do? I am thinking about something like CSRF, I mean, printing a temporary code in the HTML only for the user who entered. And only for 2 hours or... but in two hours they can get all the information... I don't know... Any suggestions?

 

Thanks!

I'm from Spain so English is not my main language, but I'm trying to do my best not to write any typos.


Are you creating a REST service for the backend?

01111001 01101111 01110101 00100000 01101010 01110101 01110011 01110100 00100000 01110111 01100001 01110011 01110100 01100101 01100100 00100000 01111001 01101111 01110101 01110010 00100000 01110100 01101001 01101101 01100101 00100000 01100011 01101111 01101110 01110110 01100101 01110010 01110100 01101001 01101110 01100111 00100000 01110100 01101000 01101001 01110011


Are you creating a REST service for the backend?

 

Yes, I'm making a kind of RESTful service for these modules. But authentication right now is by cookie session, so it isn't RESTful by specification. The thing is I don't know how to improve security for public things... Is there any solution "built yet"? I'm working with Node.js/Express/Mongoose on the server, but if anyone has a specification for this problem, which I think most web developers have had, I can build my own solution. Thanks!

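The temporary page-embedded code described in the first post, sketched for the Node.js stack mentioned above. This is an added example, not code from any poster in the thread: the function names, the in-memory `Map` and the per-token request budget are assumptions, and the budget goes beyond the original idea to address the "in two hours they can get all the information" concern.

```javascript
// Added example: all names here are hypothetical, not from the thread.
const nodeCrypto = require('crypto');

const SECRET = nodeCrypto.randomBytes(32); // server-side key, never sent to the client
const TTL_MS = 2 * 60 * 60 * 1000;         // the 2-hour lifetime proposed in the post
const BUDGET = 3;                          // assumed per-token request cap (tiny for the demo)
const used = new Map();                    // signature -> requests served (single process only)

function sign(payload) {
  return nodeCrypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Called while rendering the HTML page: the token is printed into the page
// and is bound to the visitor's session id and an expiry time.
function issueToken(sessionId, now = Date.now()) {
  const expires = now + TTL_MS;
  return `${expires}.${sign(`${sessionId}.${expires}`)}`;
}

// Called by the AJAX endpoint before it serves public data.
function checkToken(token, sessionId, now = Date.now()) {
  const [expStr, mac] = String(token).split('.');
  const expires = Number(expStr);
  if (!Number.isSafeInteger(expires) || typeof mac !== 'string') return 'malformed';

  const expectedHex = sign(`${sessionId}.${expires}`);
  const expected = Buffer.from(expectedHex, 'hex');
  const given = Buffer.from(mac, 'hex');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(given, expected)) return 'bad-signature';
  if (now >= expires) return 'expired';

  // Count against the canonical signature, not the raw token string, so
  // re-encoding the same token (hex case, leading zeros) shares one budget.
  const count = (used.get(expectedHex) || 0) + 1;
  if (count > BUDGET) return 'budget-exhausted';
  used.set(expectedHex, count);
  return 'ok';
}
```

The budget is counted per token, so token issuance itself needs a per-session or per-client limit, and the `Map` would have to move to a shared store once more than one server process handles requests.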
