Is Ajax a security form?

Question

Is Ajax a security form?

Suppose I have a form and I want the user not to submit the form before validation, so I use event.preventDefault () in onsubmit:

// In my validation.js $('#myForm').bind('submit', function(event){ event.preventDefault(); // I do the client-side validation here });

You can see here, the user can edit the validaiton code after the preventDefault () line. And they are tested (client side only)

What is a safer way to do an “ajax” form with client side validation? I also have server side validation, but I just want to ask, how to make the client side harder to crack and more secure?

+4

jquery security ajax

hanhp Oct 4 '11 at 10:50

source share

3 answers

You cannot fully protect the client side, but you can increase security. Among other things, you can:

You could not have a submit button, just a regular button, only allowing the submission of the form with JS support enabled by submitting to JS until the button is clicked.
You can minimize / dispute JS to make editing easier.
You can pre-authenticate with the server by requesting a key valid for a short period of time, which is then submitted with the form, so that the server side can verify that the view most likely came from your valid javascript.

0

Matt fellows Oct 4 '11 at 10:57

source share

You must duplicate all of your client-side validation on the server. The best solution when using .NET would be to use Dataannotaion to decorate entity classes with the attributes Required, Range, Regularexpression. These attributes can be verified on the client side using jquery.unobtrusive.validate and then on the server using ModelState.IsValid ()

0

ballyshan Oct 4 '11 at 10:58

source share

genesis · Accepted Answer · 2011-10-04T10:52:26+0000

It is never "more reliable" or "more secure." JS can be disabled and there will be no validation on the client side.

Is Ajax a security form?

More articles: