Reputation: 37
From my PHP website, when users need to create a new post (for example), I'm sending a jQuery POST to a PHP script to do this action. But this is not safe; I mean, anyone could send a fake jQuery POST to that script with the same user ID with no login requirement.
Is there any safe way to do this?
Upvotes: 0
Views: 259
Reputation: 888047
Don't include the user ID in the POST.
Instead, just use the ID of the currently-logged-in user on the server.
This assumes that you have a secure way to track login sessions.
Upvotes: 2
Reputation: 4022
You could submit the userId of the current user. Then, in the PHP script, check the session and verify that the userId which is sent is the same as the user ID of the logged-in user.
Upvotes: 0
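The two answers above describe the same server-side rule: the acting user is whoever the session says it is, and any ID posted by the client is at most cross-checked, never trusted. The script below is an added example (not code from the question or either answer) of a `create_post.php` handler written that way. It assumes the login script has already stored `$_SESSION['user_id']` and a random `$_SESSION['csrf_token']`; the database file, the `posts` table and its columns, and the form field names are hypothetical.

```php
<?php
// Added example: create_post.php, the endpoint the jQuery POST targets.
// Assumed to be set by the login script (not shown here):
//   $_SESSION['user_id']    - integer id of the authenticated user
//   $_SESSION['csrf_token'] - random token, e.g. bin2hex(random_bytes(32)),
//                             also embedded in the page so the jQuery call
//                             can send it back as the csrf_token field.
// Table and column names below are hypothetical.
declare(strict_types=1);

session_set_cookie_params([
    'httponly' => true,   // script on the page cannot read the session cookie
    'secure'   => true,   // cookie travels only over HTTPS
    'samesite' => 'Lax',  // browser withholds it on cross-site POSTs
]);
session_start();
header('Content-Type: application/json');

function fail(int $status, string $message): void
{
    http_response_code($status);
    echo json_encode(['error' => $message]);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail(405, 'POST required');
}

// 1. Authentication: the acting user comes from the server-side session.
//    A user_id field in the POST body is never used as the identity.
$userId = $_SESSION['user_id'] ?? null;
if (!is_int($userId)) {
    fail(401, 'login required');
}

// 2. Optional cross-check (the second answer's approach): if the client
//    still posts a user_id, it must match the session or the request is
//    rejected. This only detects a mismatch; the session remains authoritative.
if (isset($_POST['user_id']) && (int) $_POST['user_id'] !== $userId) {
    fail(403, 'user id does not match the logged-in user');
}

// 3. Anti-forgery token: a request assembled outside the page the server
//    rendered will not carry the session's token. hash_equals() compares in
//    constant time.
$token = $_POST['csrf_token'] ?? '';
if (!is_string($token) || !hash_equals($_SESSION['csrf_token'] ?? '', $token)) {
    fail(403, 'invalid CSRF token');
}

// 4. Validate the post content itself before touching the database.
$body = trim((string) ($_POST['body'] ?? ''));
if ($body === '' || mb_strlen($body) > 10000) {
    fail(400, 'body must be between 1 and 10000 characters');
}

// 5. Insert with a prepared statement; the owner column is the session's id.
$pdo = new PDO('sqlite:' . __DIR__ . '/site.db', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$stmt = $pdo->prepare(
    'INSERT INTO posts (user_id, body, created_at) VALUES (:uid, :body, :now)'
);
$stmt->execute([':uid' => $userId, ':body' => $body, ':now' => time()]);

echo json_encode(['ok' => true, 'post_id' => (int) $pdo->lastInsertId()]);
```

On the client side, the jQuery call then needs to send only `body` and `csrf_token` (read from wherever the page embedded it, for instance a `<meta>` tag); it has no reason to send a user ID at all, which is what the first answer recommends. The whole scheme rests on the session cookie being unguessable and transmitted only over HTTPS, hence the cookie parameters set before `session_start()`.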