Hi, I have a site, and a page on that site contains AJAX code. A JavaScript function makes an HTTP request to another page with some arguments in the URL; the server page gets the values from the URL and inserts them into the database. Someone looked at my code and then hacked it to enter wrong values into the database. They called the JavaScript function directly from the location bar itself. How should I prevent this? Please help me with this. Regards, Suganya
Uhmm... secure your system... don't write code like this that can so easily be manipulated... get rid of that JS function!
Actually, I always use AJAX-powered data flow. And since my site uses a cookie-based authentication method, only authorized users can insert data into the site. In case you worry that data is added by a program rather than a human, you can add a CAPTCHA feature to the site.
Well... you should never trust anything that comes from a user. Whenever you're given data, don't just enter it into the database. What I'm trying to say is this: the problem isn't really that the user 'hacked' your JavaScript, it's that you trusted what came from it. Check the data yourself for validity BEFORE adding it to the database. Pretty simple, I would have thought.
Yyyeah, that was kind of my point too. The problem isn't the user, it's that you even have code that will just do whatever it's told without checking for potential problems, etc...
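The server-side checks the replies above describe (a session cookie deciding who may write, and validation of every URL value before the insert), as an added example that is not code from any poster in this thread. The field names, the `ratings` table, the `sessions` map and the in-memory `db` object are all assumptions made for illustration.

```javascript
// Added example. Field names, table name and the db/session objects are assumptions.
const SCHEMA = new Map([
  ['itemId',  v => (/^[1-9]\d{0,8}$/.test(v) ? Number(v) : undefined)],
  ['rating',  v => (/^[1-5]$/.test(v) ? Number(v) : undefined)],
  ['comment', v => (v.length <= 200 && !/[\u0000-\u001f]/.test(v) ? v : undefined)],
]);

// Constructed sample state: one logged-in session and an in-memory stand-in for the database.
const sessions = new Map([['s3ss10n-alice', 1001]]);
const db = { rows: [], insert(sql, params) { this.rows.push({ sql, params }); } };

// Decide on the server whether a request may become a row; nothing from the client is trusted.
function validateRequest(rawUrl, cookie) {
  const userId = sessions.get(cookie);
  if (userId === undefined) return { ok: false, status: 401, error: 'not logged in' };
  const params = new URL(rawUrl, 'http://localhost').searchParams;
  for (const key of params.keys()) {
    if (!SCHEMA.has(key)) return { ok: false, status: 400, error: `unexpected field: ${key}` };
  }
  const row = { userId }; // identity comes from the session, never from the URL
  for (const [field, check] of SCHEMA) {
    const values = params.getAll(field);
    if (values.length !== 1) return { ok: false, status: 400, error: `need exactly one ${field}` };
    const clean = check(values[0]);
    if (clean === undefined) return { ok: false, status: 400, error: `invalid ${field}` };
    row[field] = clean;
  }
  return { ok: true, status: 200, row };
}

// Only a validated row reaches the database, and only as bound parameters.
function handleSave(rawUrl, cookie) {
  const result = validateRequest(rawUrl, cookie);
  if (result.ok) {
    const { userId, itemId, rating, comment } = result.row;
    db.insert('INSERT INTO ratings (user_id, item_id, rating, comment) VALUES (?, ?, ?, ?)',
      [userId, itemId, rating, comment]);
  }
  return result;
}
```

A request typed into the location bar goes through the same `handleSave` path as one sent by the page's own script, so it is accepted or rejected on identical terms.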