Suresh S

Reputation: 1

What should be kept in mind while writing secure AJAX code using jQuery for JSP?

I am currently working on a web application project for payroll. This site is public. I want to use jQuery + AJAX to implement certain functionality, with JSP as the server-side language. What guidelines are helpful in writing mature, secure code?

Upvotes: 0

Views: 165

Answers (2)

RobertPitt

Reputation: 57268

Get on a whiteboard and write.

I promise to sanitize, filter and validate my data before any changes are made.
I promise to sanitize, filter and validate my data before any changes are made.
I promise to sanitize, filter and validate my data before any changes are made.
I promise to sanitize, filter and validate my data before any changes are made.
I promise to sanitize, filter and validate my data before any changes are made.
I promise to sanitize, filter and validate my data before any changes are made.

Now then.

When writing a system like this you need to keep your code abstract. Don't just write a function per action. Example:

Do not do it this way.

function updateEmailAddress(id,email)
{
   $.post("ajax/updateEmail.php",{id:id,email:email});
}

updateEmailAddress(22,'[email protected]');

Do it like so; build a system of reusable code.

var System = {
    // Send 'data' to 'location' via 'method', then invoke 'callback' with the response
    Send: function(location, method, data, callback)
    {
        $.ajax({ url: location, type: method, data: data, success: callback });
    }
};

var Actions = {
    UpdateMail: function(id, mail)
    {
        System.Send('ajax/mailupdate.php', 'post', {id: id, email: mail}, function(data){
            //Validate Server Response
        });
    },
    CheckLoginState: function(callback)
    {
        System.Send('ajax/loginState.php', 'post', {}, function(data){
            callback(data ? true : false);
        });
    }
    //ETC
    //ETC
};

Actions.CheckLoginState(function(loggedin){
    if(loggedin){
        Actions.UpdateMail(someId, SomeEmail);
    }
});

Upvotes: 0

wiifm

Reputation: 3798

Lesson #1

Sanitize your inputs

You can make this pretty by introducing client-side validation on forms etc., but by no means rely on this to give clean data to your JSP. Your JSP will need to match all data received against known good inputs. If any input does not match expected inputs, then a generic error should be thrown.

I cannot stress this enough, especially for payroll software.

Upvotes: 1
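Both answers above come down to the server validating every AJAX parameter against known-good shapes and answering anything else with one generic error. The following is an added example, not code from either answer: a small server-side validator a JSP or servlet could call before touching the payroll data. The parameter names and patterns are assumptions, and it goes one step beyond the text by also rejecting parameters the endpoint does not expect.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: allowlist validation of the parameters an AJAX call sends to a
// JSP/servlet. Every expected field must match a known-good pattern; anything
// else (bad value, missing field, duplicate, extra field) gets one generic error.
public class AjaxInputValidator {

    // Known-good shape for each expected parameter (assumed names/patterns for
    // this example; the real form dictates them).
    private static final Map<String, Pattern> ALLOWED = new HashMap<>();
    static {
        ALLOWED.put("id", Pattern.compile("^[0-9]{1,9}$"));
        ALLOWED.put("email", Pattern.compile(
            "^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\\.[A-Za-z]{2,}$"));
    }

    // Deliberately generic message: the client learns only that the request was rejected.
    public static class InvalidInputException extends Exception {
        public InvalidInputException() { super("Invalid request"); }
    }

    // Takes the raw parameter map (the shape of request.getParameterMap()) and
    // returns only validated, single-valued fields.
    public static Map<String, String> validate(Map<String, String[]> params)
            throws InvalidInputException {
        Map<String, String> clean = new HashMap<>();
        for (Map.Entry<String, Pattern> rule : ALLOWED.entrySet()) {
            String[] values = params.get(rule.getKey());
            // Exactly one value per field; a missing or repeated field is rejected.
            if (values == null || values.length != 1 || values[0] == null) {
                throw new InvalidInputException();
            }
            if (!rule.getValue().matcher(values[0]).matches()) {
                throw new InvalidInputException();
            }
            clean.put(rule.getKey(), values[0]);
        }
        // Any parameter the endpoint does not expect is rejected outright.
        if (params.size() != ALLOWED.size()) {
            throw new InvalidInputException();
        }
        return clean;
    }
}
```

In the JSP, call `AjaxInputValidator.validate(request.getParameterMap())` inside a try block, catch `InvalidInputException`, and respond with a generic HTTP 400 before any payroll data is read or changed.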
