Radu
Radu

Reputation: 636

JS/jQuery security

As a beginner, I'm always wondering if what I'm doing is actually secure. For example, recently I finished working on some code which checks how many times a (cross-domain) iframe has been clicked. And when clicked, inserting a row into a MySQL (log) table based on an ajax request(with jquery) which wraps the ID of the iframe into a $_POST:

$.ajax({ 
        url: 'execute.php',
        data: {action: 'some-id'},
        type: 'post'
    });

However I'm wondering: Because JavaScript is executed client-side, is it possible for a user to send fake data through the ajax request to the 'execute.php' page?

Upvotes: 0

Views: 29

Answers (2)

Mindastic
Mindastic

Reputation: 4141

is it possible for a user to send fake data through the ajax request to the 'execute.php' page?

It is completely possible, you should add validations on the server.

For example, if i go to your site, open the console and write this code:

    $.ajax({ 
        url: 'execute.php',
        data: {action: '1'},
        type: 'post'
    });

It will send a request to your execute.php sending the info action=1.

Upvotes: 2

jmar777
jmar777

Reputation: 39679

is it possible for a user to send fake data through the ajax request to the 'execute.php' page?

Yes.

Upvotes: 2

Related Questions