Security Concerns With AJAX

  • IcyDragoon
  • Student
  • Posts: 65

Post 3+ Months Ago

Is it secure to pass and send sensitive info, such as a password, around with AJAX's POST method?

Or info that will be sent to a PHP page and later used to query MySQL?

Any workarounds or tips are welcome.

Thanks, =]

  • ecuador
  • Student
  • Posts: 90
  • Loc: Germany

Post 3+ Months Ago

Hi,

Well, surely AJAX increases the attack surface, making it inevitable to check and double-check your code. Every piece of sent data needs to be evaluated server-side, meaning passwords, logins, etc. have to be sent to a server-side script, like PHP, which then does the validation. The worst case would be to do the checks on the client's side.

Yet this method still has some security risks, as it opens the possibility of brute-force methods on login scripts, etc. That needs to be prevented by, i.e., a counter which checks how many login tries from the same IP are made in a certain period of time.

Except for this, AJAX is as good or bad as anything else. Unfortunately, there are no best-practice guides now; just make sure to check all user-provided information properly, like with common systems.
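
Added example, not part of the thread: a PHP sketch of the server-side handling the reply above describes, combining input validation, a bound-parameter query, and a per-IP counter of failed logins in a time window. The limits (5 failures per 900 seconds), the table and column names, the `handleLogin` function and the in-memory SQLite database standing in for MySQL (requires the `pdo_sqlite` extension) are all assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Assumed policy values (not from the thread): 5 failures per 15 minutes per IP.
const MAX_FAILURES = 5;
const WINDOW_SECONDS = 900;

// Constructed stand-in for the MySQL database; with MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->exec('CREATE TABLE login_failures (ip TEXT NOT NULL, failed_at INTEGER NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/** Server-side handler for the AJAX POST; returns an HTTP status code. */
function handleLogin(PDO $db, string $ip, array $post, int $now): int
{
    // Reject malformed input before it reaches any query.
    $login = $post['login'] ?? null;
    $password = $post['password'] ?? null;
    if (!is_string($login) || !is_string($password) || !preg_match('/^[A-Za-z0-9_]{1,32}$/', $login)) {
        return 400;
    }
    // Count this IP's failed attempts inside the sliding window.
    $q = $db->prepare('SELECT COUNT(*) FROM login_failures WHERE ip = ? AND failed_at > ?');
    $q->execute([$ip, $now - WINDOW_SECONDS]);
    if ((int) $q->fetchColumn() >= MAX_FAILURES) {
        return 429; // too many attempts: refuse before checking the password
    }
    // Bound parameter: the login value is never concatenated into the SQL text.
    $q = $db->prepare('SELECT pw_hash FROM users WHERE login = ?');
    $q->execute([$login]);
    $hash = $q->fetchColumn();
    if (is_string($hash) && password_verify($password, $hash)) {
        return 200;
    }
    $db->prepare('INSERT INTO login_failures (ip, failed_at) VALUES (?, ?)')->execute([$ip, $now]);
    return 401;
}

// Constructed demo: six wrong guesses from one IP, then the right password
// inside the window and again after the window has passed.
$t = 1700000000;
for ($i = 0; $i < 6; $i++) {
    echo handleLogin($db, '203.0.113.7', ['login' => 'alice', 'password' => "guess$i"], $t + $i), "\n";
}
echo handleLogin($db, '203.0.113.7', ['login' => 'alice', 'password' => 'correct horse'], $t + 10), "\n";
echo handleLogin($db, '203.0.113.7', ['login' => 'alice', 'password' => 'correct horse'], $t + 1000), "\n";
```

In a deployed script the `$ip` argument would come from `$_SERVER['REMOTE_ADDR']`, `$post` from `$_POST` and `$now` from `time()`.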
