Security risk in using jQuery Ajax

Andru

Hi,

I am using an Ajax call for updating and getting data on the server.

Posted On: 18-Jul-2015 06:03

Answers
Rahul Maurya

Hi Andru,

Anyone who is slightly tech savvy can just use their webkit/firebug to track the request, or a program like Charles which monitors network activity.

That's why you need an authentication and authorization handling mechanism in your server-side code.

Authentication is typically handled by a username and password; it is the act of verifying a user is who he is.
Authorization can be handled by Roles on the server, and is the check to make sure the user can do what they are trying to do.

With those two mechanisms in place, even if a user knows a URL, they still need to "log in" and have permission to do what they want to do.

In critical situations, you can never rely entirely on what you receive from your clients.

For instance, if you're adding a product to your shopping cart, pass only the ID of the item, and the quantity, to your server. Do not fetch price details from your client, but from your database. If someone tries to hack you and edits the item ID or quantity being sent, the worst thing that happens is that they end up buying something they didn't want; entirely their problem. (But for the very same reasons, if it's a limited offer, you would need to verify that the quantity you receive is not greater than what you allow any one customer to buy, for instance.)

Posted On: 20-Jul-2015 04:32
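The server-side checks described in the answer above, as an added example that is not part of the original thread: a Node-style add-to-cart handler that authenticates the session, authorizes by role, accepts only the item ID and quantity from the client, takes the price from its own catalog, and enforces a per-customer limit. The catalog, session table and the names `CATALOG`, `SESSIONS` and `addToCart` are all constructed for this example.

```javascript
// Constructed catalog: the server's own source of truth for prices and limits.
// A real application would read this from its database.
const CATALOG = new Map([
  ['sku-100', { price: 19.99, maxPerCustomer: 5 }],   // limited offer
  ['sku-200', { price: 4.5,   maxPerCustomer: 100 }],
]);

// Constructed session store: maps a session token to the logged-in user and roles.
const SESSIONS = new Map([
  ['tok-alice', { user: 'alice', roles: ['customer'] }],
  ['tok-guest', { user: 'guest', roles: [] }],
]);

// Handle an Ajax "add to cart" request. `body` is the parsed JSON the client sent,
// `cart` is the server-side cart (Map of itemId -> quantity) for this session.
// Returns an HTTP-like status plus either an error or the server-computed line item.
function addToCart(sessionToken, body, cart) {
  // Authentication: is this request from a logged-in user?
  const session = SESSIONS.get(sessionToken);
  if (!session) return { status: 401, error: 'not authenticated' };

  // Authorization: is this user allowed to buy?
  if (!session.roles.includes('customer')) return { status: 403, error: 'not allowed' };

  // Accept only the two fields we expect; any client-supplied price is ignored.
  const itemId = typeof body.itemId === 'string' ? body.itemId : null;
  const quantity = Number.isInteger(body.quantity) ? body.quantity : NaN;

  const item = itemId ? CATALOG.get(itemId) : undefined;
  if (!item) return { status: 400, error: 'unknown item' };
  if (!(quantity >= 1)) return { status: 400, error: 'invalid quantity' };

  // Per-customer cap for limited offers, counted against what is already in the cart.
  const already = cart.get(itemId) || 0;
  if (already + quantity > item.maxPerCustomer) {
    return { status: 400, error: 'quantity exceeds per-customer limit' };
  }
  cart.set(itemId, already + quantity);

  // The unit price comes from the catalog, never from the request.
  return { status: 200, itemId, quantity: already + quantity, unitPrice: item.price };
}
```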
Brian

Hi Andru,

You can never rely on any actions or data coming from client side, not only related to jQuery.

Posted On: 20-Jul-2015 04:35