Reputation: 646
JS/jQuery security
As a beginner, I'm always wondering if what I'm doing is actually secure. For example, recently I finished working on some code which checks how many times a (cross-domain) iframe has been clicked. And when clicked, inserting a row into a MySQL (log) table based on an ajax request(with jquery) which wraps the ID of the iframe into a $_POST:
$.ajax({
url: 'execute.php',
data: {action: 'some-id'},
type: 'post'
});
However I'm wondering: Because JavaScript is executed client-side, is it possible for a user to send fake data through the ajax request to the 'execute.php' page?
Upvotes: 0
Views: 29
Answers (2)
Reputation: 4141
is it possible for a user to send fake data through the ajax request to the 'execute.php' page?
It is completely possible, you should add validations on the server.
For example, if i go to your site, open the console and write this code:
$.ajax({
url: 'execute.php',
data: {action: '1'},
type: 'post'
});
It will send a request to your execute.php sending the info action=1.
Upvotes: 2
Reputation: 39679
is it possible for a user to send fake data through the ajax request to the 'execute.php' page?
Yes.
Upvotes: 2
Related Questions
- PHP+jQuery game security
- javascript and php security
- How to create safe scripts PHP + jquery
- How to secure my jQuery AJAX calls in PHP and Javascript?
- Implement Security to this application?
- jquery/javascript security
- Guide to Securing JQuery AJAX Code?
- Possible security concerns with PHP
- Ajax Security (i hope)
- AJAX Security Help