AJAX Security

What happens if a user views my JavaScript file, copies the contents of the function, and sends a request to my server using AJAX? And is there a way to properly protect against this?

+17
javascript ajax
Jun 04 '10
3 answers

The method of protection against this is no different from the method of protection against any web request. You do this so that your site needs some form of authentication (that is, users must be logged in) and do nothing if the request has not been authenticated properly.

Usually, when you make an AJAX request, cookies are also sent along with the request, so you should just use the same authentication method that you use for your regular requests with your AJAX requests.

+15
Jun 04 '10

As in the codec, it is impossible to prevent someone from creating their own Ajax request that is identical to the one in your JavaScript. Cross-domain protection will not necessarily protect you there, since they can, if they wish, simply enter JavaScript in the address bar themselves while on a page of your site.

The only protection you have is checking the input and parameters supplied with an Ajax request on the server side. Limit every PHP, Python, or other script response to a very specific task and check the input on the server side. If something is wrong, respond with an error.

In short, there is no way to prevent someone from sending a request, but you can prevent them from doing something you do not want done on your server.

+9
Jun 04 '10 at 6:01
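The two answers above amount to one server-side rule: apply the same session check to an XHR as to any other request, then accept only the narrow set of parameters the endpoint exists to handle. The following is an added example, not code from the thread; the session store, cookie name and parameter whitelist are constructed for illustration.

```python
import json
from http.cookies import SimpleCookie

# Constructed stand-in for the real session backend (assumption: sessions are
# keyed by an opaque ID carried in a cookie named "session").
SESSIONS = {"s3cr3t-session-id": {"user": "alice"}}

# Whitelist of parameters this endpoint accepts and the check each must pass.
# type(v) is int rejects bools, which isinstance(v, int) would let through.
ALLOWED_PARAMS = {
    "item_id": lambda v: type(v) is int and 0 < v < 10_000_000,
    "quantity": lambda v: type(v) is int and 0 < v <= 100,
}


def authenticate(headers):
    """Return the session for the request's Cookie header, or None.
    The browser attaches the same cookie to an XHR as to a page load,
    so this check is identical for both kinds of request."""
    cookie = SimpleCookie(headers.get("Cookie", ""))
    morsel = cookie.get("session")
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)


def validate(payload):
    """Reject anything outside the one task this endpoint performs:
    unknown or missing keys, wrong types, out-of-range values."""
    if not isinstance(payload, dict) or set(payload) != set(ALLOWED_PARAMS):
        return False
    return all(check(payload[k]) for k, check in ALLOWED_PARAMS.items())


def handle_ajax(headers, raw_body):
    """Server-side handler: auth first, then strict input checks.
    Returns (status, response_dict) so it can be exercised without a server."""
    session = authenticate(headers)
    if session is None:
        return 401, {"error": "not authenticated"}
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return 400, {"error": "malformed JSON"}
    if not validate(payload):
        return 400, {"error": "invalid parameters"}
    # Only now do the narrowly defined work, on behalf of the verified user.
    return 200, {"ok": True, "user": session["user"], "item_id": payload["item_id"]}
```

Whoever copied the JavaScript can still send the request, but without a valid session cookie it does nothing, and with one it can only do what the whitelist allows.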

Assuming you need some form of authentication:

I think you can maintain a database session to check whether a request comes from a genuine user or a fake one. Use encrypted cookies to store the session ID and check the cookie's session ID against the database to validate the user.

0
Jun 04 '10 at 6:43