
Web Service API Keys and Ajax - The Key to Protection

Updated: 2021-11-18 00:06:03

(I suggest tagging this post "security".)

First, you should be clear about what you're protecting against. Can you trust the client at all? A crafty user could stick a Greasemonkey script on your page and call exactly the code that your UI calls to send requests. Hiding everything in a Javascript closure only means you need a debugger; it doesn't make an attack impossible. Firebug can trace HTTPS requests. Also consider a compromised client: is there a keylogger installed? Is the entire system secretly running virtualized so that an attacker can inspect any part of memory at any time at their leisure? Security when you're as exposed as a webapp is really tricky.

Nonetheless, here are a few things for you to consider:

  1. Consider not actually using keys but rather HMAC hashes of, e.g., a token you give immediately upon authentication.

  2. DOM storage can be a bit harder to poke at than cookies.

  3. Have a look at Google's implementation of OAuth 2 for an example security model. Basically you use tokens that are only valid for a limited time (and perhaps for a single IP address). That way even if the token is intercepted or cloned, it's only valid for a short length of time. Of course you need to be careful about what you do when the token runs out; could an attacker just do the same thing your code does and get a new valid token?

  4. Don't neglect server-side security: even if your client should have checked before submitting the request, check again on the server if the user actually has permission to do what they're asking. In fact, this advice may obviate most of the above.