-
AJAX Security
I have implemented inline editing. The server-side script accepts the following information, which it receives from the client-side script: Table Name, Unique Field (to find which row to update), Unique Field Value, Field to update & value of field to update. What I am worried about, however, is that the data sent to the server-side script can easily be changed by using something like Firebug, or a hacker could even create a new form and post it to my server-side script, and it would execute it. In this way, they could update any field in any table they like.
How do I solve this problem?
Regards,
OGLES
-
Welcome to DevX 
Do you have proxy servers and/or firewalls set up?
-
erm, no..
-
That would be my first step.
Are you familiar with what I'm referring to?
-
heh..
no.. 
I'm familiar with what you have stated, but I don't understand how to implement it with regards to my website..
-
Ok, so basically I spend a lot of $$$ to buy some third-party software that does the job for me?
-
Perhaps not a lot, but some for sure.
Peace of mind is seldom inexpensive.
-
Hmm, not my style. And besides, firewall maintenance sounds like anything but "peace of mind".. :P
Anyhow, I've thought of a perfect software hack for the problem..
Thanks for the help anyway though..
-
I'm curious....
 Originally Posted by OGLES
I've thought of a perfect software hack for the problem..
what would that be?
-
The best thing to do would be some good server side validation prior to any database writing.
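One way to do the server-side validation suggested in the last reply, for the five values the first post says the client sends (added example, not code from any poster in this thread). Python with sqlite3 is an assumption, since the thread does not name the server language; the EDITABLE policy, the table and column names, and a session_user_id taken from the server's own login session are all hypothetical.

```python
import sqlite3

# Hypothetical policy: the only tables/columns the inline editor may touch.
# "owner" is the column tying a row to the logged-in user.
EDITABLE = {
    "profiles": {"key": "id", "owner": "user_id",
                 "fields": {"display_name": 50, "bio": 500}},  # field -> max length
}

class Rejected(Exception):
    """Raised when a request falls outside the policy."""

def inline_update(db, session_user_id, table, key_field, key_value, field, value):
    policy = EDITABLE.get(table)
    if policy is None:
        raise Rejected("table not editable")
    if key_field != policy["key"]:
        raise Rejected("unexpected key field")
    max_len = policy["fields"].get(field)
    if max_len is None:
        raise Rejected("field not editable")
    if not isinstance(value, str) or len(value) > max_len:
        raise Rejected("invalid value")
    # table/field now equal allowlisted names, so they are safe to interpolate;
    # the values are bound as parameters. The owner clause uses the server-side
    # session identity, not anything the client sent.
    key_col, owner_col = policy["key"], policy["owner"]
    sql = f'UPDATE "{table}" SET "{field}" = ? WHERE "{key_col}" = ? AND "{owner_col}" = ?'
    cur = db.execute(sql, (value, key_value, session_user_id))
    db.commit()
    if cur.rowcount != 1:
        raise Rejected("row not found or not owned by caller")
    return True

def make_demo_db():
    """Constructed sample data for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER);
        CREATE TABLE profiles (id INTEGER PRIMARY KEY, user_id INTEGER,
                               display_name TEXT, bio TEXT);
        INSERT INTO users VALUES (1, 'alice', 0), (2, 'bob', 0);
        INSERT INTO profiles VALUES (10, 1, 'Alice', ''), (11, 2, 'Bob', '');
    """)
    return db
```

With this in place, a request edited in Firebug or posted from a hand-made form can only change an allowlisted field on a row the logged-in user owns; everything else raises Rejected before any SQL runs or matches no row.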