AJAX Security

[OGLES]

I have implemented inline editing. The server-side script accepts the following information, which it receives from the client-side script: Table Name, Unique Field (to find which row to update), Unique Field Value, Field to update & value of field to update. What I am worried about however, is that the data sent to the server-side script can easily be changed by using something like Firebug, or a hacker could even create a new form and post it to my server-side script, and it would execute it. In this way, they could update any field in any table they like..

How do I solve this problem ?

Regards,
OGLES

[Hack]

Welcome to DevX

Do you have proxy servers and/or fire walls setup?

[OGLES]

erm, no..

[Hack]

That would be my first step.

Are you familiar with what I'm referring to?

[OGLES]

heh..

no..

I'm familar with what you have stated, but I don't understand how to implement it with regards to my website..

[Hack]

Here are a couple of things to read.

http://www.more.net/technical/netserv/tcpip/firewalls/

http://www.peer1.com/resources/white...ngfirewall.php

[OGLES]

Ok, so basically I spend alot of $$$ to buy some third-party software that does the job for me ?

[Hack]

Perhaps not a lot, but some for sure.

Peace of mind is seldom inexpensive.

[OGLES]

Hmm, not my style. And besides, firewall maintenance sounds like anything but "peace of mind".. :P

Anyhow, I've thought of a perfect software hack for the problem..

Thanks for the help anyway though..

[Hack]

I'm curious....

I've thought of a perfect software hack for the problem..

what would that be?

[thinktejas]

The best thing to do would be some good server side validation prior to any database writing.