Rajat Saxena

Reputation: 3935

Security issues regarding ajax

I want to design a 'like/dislike' system for my webapp. I'm thinking about something like 'http://mywebapp/like/'. If a user makes an ajax call to the already mentioned URL, it will like the item on behalf of the user. So, is there any security flaw in my idea?

[EDIT 1] Can a malicious user make ajax calls and have his/her vote counted? If yes, then what can I do to prevent it?

Upvotes: 0

Views: 177

Answers (1)

Michael Zaporozhets

Reputation: 24566

From the small amount of detail you've given, it's hard to make a judgement. However, if your authentication system is structurally sound and you're routing the like to a specific entity correctly (i.e. if it's on the page, then it simply uses the referring URL to get the item to like), then this could work quite well. At this point, if, hypothetically, all of your code is perfect, then you shouldn't have any security flaws that come from this idea so far.

For future reference, try to be a lot more specific; especially in these kinds of questions, detail is a firm necessity. It is impossible to say how secure something is before it has been created.

Upvotes: 1
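The two conditions the answer names (sound authentication and routing the like to the right entity), written out as a server-side check. This is an added example, not code from the question or the answer; `VoteStore`, `handleVote`, the `session.userId` field and the `/like/<id>` path shape are hypothetical. The voter is taken from the server-side session only, and each user holds one vote per item, so repeated ajax calls cannot inflate the count.

```javascript
// Added example: all names here are hypothetical, not from the original page.
class VoteStore {
  constructor(itemIds) {
    // itemId -> Map(userId -> +1 | -1); only known items can be voted on.
    this.votes = new Map(itemIds.map((id) => [id, new Map()]));
  }
  setVote(itemId, userId, value) {
    this.votes.get(itemId).set(userId, value); // overwrite, never append
  }
  score(itemId) {
    let total = 0;
    for (const v of this.votes.get(itemId).values()) total += v;
    return total;
  }
}

// req: { method, path, session }. The session is assumed to have been
// resolved server-side from the session cookie; nothing in the request
// body or query string is trusted to name the voter.
function handleVote(store, req) {
  if (req.method !== 'POST') return { status: 405 }; // no state change on GET
  if (!req.session || !req.session.userId) return { status: 401 };
  const m = /^\/(like|dislike)\/(\d+)$/.exec(req.path);
  if (!m) return { status: 400 };
  const [, action, itemId] = m;
  if (!store.votes.has(itemId)) return { status: 404 };
  store.setVote(itemId, req.session.userId, action === 'like' ? 1 : -1);
  return { status: 200, score: store.score(itemId) };
}

// Constructed sample requests.
const store = new VoteStore(['42']);
const alice = { userId: 'alice' };
const results = [
  handleVote(store, { method: 'POST', path: '/like/42', session: alice }),
  handleVote(store, { method: 'POST', path: '/like/42', session: alice }), // replay
  handleVote(store, { method: 'POST', path: '/like/42', session: null }), // anonymous
  handleVote(store, { method: 'GET', path: '/like/42', session: alice }),
  handleVote(store, { method: 'POST', path: '/dislike/42', session: alice }),
];
console.log(results);
```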
