Re: [PHP] Securing AJAX requests with PHP?
- From: phpster@xxxxxxxxx ("Bastien Koert")
- Date: Sun, 19 Oct 2008 18:38:20 -0400
On Sat, Oct 18, 2008 at 11:28 AM, Jay Moore <jaymoore@xxxxxxxxxxxx> wrote:
Yeti wrote:True, but then my permission / auth / workflow schema defines all that. the
Ok, but how safe are tokens?
Thinking of man in the middle attacks they do not make much sense, do
they?
That's what I was thinking too. If I'm deleting an entry from a database
with AJAX, I don't want someone looking at my Javascript and saying, "Hmm,
all I need to do is pass this info to this URL and I can delete at will."
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
user won't like have that permission, the request will be logged and nothing
is ever deleted from the app in any case since I only allow soft (record
level flag ) deletes to ensure data integrity
--
Bastien
Cat, the other other white meat
- Follow-Ups:
- Re: [PHP] Securing AJAX requests with PHP?
- From: Yeti
- Re: Securing AJAX requests with PHP?
- From: Alex Weber
- Re: [PHP] Securing AJAX requests with PHP?
- References:
- Securing AJAX requests with PHP?
- From: Jay Moore
- Re: [PHP] Securing AJAX requests with PHP?
- From: Jochem Maas
- Re: [PHP] Securing AJAX requests with PHP?
- From: Yeti
- Re: [PHP] Securing AJAX requests with PHP?
- From: "Bastien Koert"
- Re: [PHP] Securing AJAX requests with PHP?
- From: Yeti
- Re: [PHP] Securing AJAX requests with PHP?
- From: Jay Moore
- Securing AJAX requests with PHP?
- Prev by Date: Re: [PHP] Randomiser
- Next by Date: Best way to recieve image from url?
- Previous by thread: Re: [PHP] Securing AJAX requests with PHP?
- Next by thread: Re: Securing AJAX requests with PHP?
- Index(es):
Relevant Pages
|
