Reputation: 789
We have an application that has a lot of forms for submitting data. The forms make heavy use of AJAX with JSON for posting information to the database. I'm concerned about events where a malicious user may try to call our AJAX interface by passing JSON-structured data. The PHP script would not differentiate between our own server calling it and the call being made from outside. In theory, the malicious user can write content to our database without going through our website. Is this a valid concern, and if so, are there ways to tackle this?
Upvotes: 3
Views: 83
Reputation: 1411
HTTPS (HTTP through SSL/TLS) is what you want. The protocol will deal with server authentication and (optional) client authentication. You just need to enable it on your server, and you will be protected from man-in-the-middle attacks.
Upvotes: 1
Reputation: 9306
Yes, this is a valid concern. OWASP has some good guidelines here that you should read.
I would like to stress that you shouldn't rely on client logic.
Upvotes: 1
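Following the second answer's advice for the question's setup, here is an added example (not code from the question or either answer) of a PHP JSON endpoint that enforces every rule on the server, so a script calling it directly gets exactly the same checks as the site's own AJAX code. It assumes PHP 7.4+, a login flow that set `$_SESSION['user_id']`, a per-session `$_SESSION['csrf_token']` that the page sends back in an `X-CSRF-Token` header, and a `posts` table; all of these names are hypothetical.

```php
<?php
// Added example (not code from the question or the answers): a PHP JSON endpoint
// that treats every request as untrusted, whether or not it came from our own page.
// Assumes PHP 7.4+, a login flow that set $_SESSION['user_id'], a per-session
// $_SESSION['csrf_token'] echoed into the page, and a `posts` table (all hypothetical).
declare(strict_types=1);

function fail(int $status, string $msg): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $msg]);
    exit;
}
session_start();
// 1. Authentication: only a logged-in session may write.
if (empty($_SESSION['user_id'])) {
    fail(401, 'not authenticated');
}
// 2. Only a JSON POST is accepted; a plain HTML form cannot send this content type cross-site.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || stripos($_SERVER['CONTENT_TYPE'] ?? '', 'application/json') !== 0) {
    fail(415, 'expected a JSON POST');
}

// 3. CSRF token from a custom header, compared in constant time.
$sent = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
if (!is_string($_SESSION['csrf_token'] ?? null)
    || !hash_equals($_SESSION['csrf_token'], (string) $sent)) {
    fail(403, 'bad CSRF token');
}

// 4. Parse and validate the body on the server; the client's own checks count for nothing.
$data = json_decode(file_get_contents('php://input'), true, 8);
if (!is_array($data) || json_last_error() !== JSON_ERROR_NONE) {
    fail(400, 'malformed JSON');
}
$title = $data['title'] ?? null;
$body  = $data['body'] ?? null;
if (!is_string($title) || $title === '' || mb_strlen($title) > 120
    || !is_string($body) || mb_strlen($body) > 10000) {
    fail(422, 'invalid fields');
}

// 5. Prepared statement; the author id comes from the session, never from the body.
$pdo = new PDO('mysql:host=localhost;dbname=app', 'app', 'PLACEHOLDER'); // placeholder DSN
$stmt = $pdo->prepare('INSERT INTO posts (user_id, title, body) VALUES (?, ?, ?)');
$stmt->execute([(int) $_SESSION['user_id'], $title, $body]);
header('Content-Type: application/json');
echo json_encode(['ok' => true]);
```

The point is that nothing here distinguishes "our" front end from any other client: a request that lacks a valid session and token, or carries a body that fails validation, is rejected regardless of where it came from.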