
I'm very curious and I'm pretty sure that I have a security hole, though I'm not really sure. You guys are awesome and I think you can help me with this, so I got this ajax:

$.ajax(
{
    url: ...,
    type: "post",
    dataType: 'html',
    data: {current_data:current_data, is_post:is_posted, by_count:by_champion_count, by_arrangement:by_data_arrange, by_date:by_data_date, by_string:by_data_string, sql_line:sql},
    success: function(data)
    {
        ...
    }
});

I get these values (current_data, is_posted, etc.) with PHP (getting these in a really safe way), then in the file that the ajax sends the variables to I'm getting more data from the database with a query. The question is, can this field:

data: {current_data:current_data, is_post:is_posted, by_count:by_champion_count, by_arrangement:by_data_arrange, by_date:by_data_date, by_string:by_data_string, sql_line:sql},

can this field (data) be overwritten by the user, so he'd send fake data requests?

  • Probably more fitting on Code Review (codereview.stackexchange.com) and a better response. Maybe even security.stackexchange.com. Commented Feb 26, 2015 at 14:02
  • ajax is just HTTP. So yes, EVERYTHING you're doing via ajax can be faked/subverted by a user. Commented Feb 26, 2015 at 14:05
  • The short answer is yes, the user can manipulate the data being sent in the post; the large security issue is that it looks like you are passing an SQL statement with sql_line:sql. Commented Feb 26, 2015 at 14:05
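The comments above make two points: every field in the ajax `data` object can be changed by whoever holds the browser, and `sql_line:sql` hands the client a query to run. The following is an added example (not the asker's code, and not from the answer below) of what the PHP script the ajax call posts to can look like once it treats every field as untrusted input: sort keys are looked up in a server-side whitelist, numbers are cast and bounded, strings are bound parameters, and `sql_line` is never read. The `champions` table, its columns and the sample rows are constructed for illustration.

```php
<?php
// Added example: server-side handler for the ajax POST, written so that no
// request field is ever interpreted as SQL. Table and column names are assumptions.
declare(strict_types=1);

// Only these client-supplied sort keys are accepted; each maps to a column the
// server chooses. by_arrangement is looked up here, never interpolated as-is.
const SORT_COLUMNS = [
    'name'  => 'name',
    'date'  => 'created_at',
    'count' => 'win_count',
];

function open_demo_db(): PDO
{
    // In-memory SQLite so the example runs offline; a real app uses its own DB.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE champions (name TEXT, created_at TEXT, win_count INTEGER)');
    $ins = $pdo->prepare('INSERT INTO champions VALUES (?, ?, ?)');
    // Constructed sample rows.
    foreach ([['Ahri', '2015-01-10', 12], ['Zed', '2015-02-01', 30], ['Lux', '2014-12-20', 7]] as $row) {
        $ins->execute($row);
    }
    return $pdo;
}

// $post stands in for $_POST so the function can be exercised without a web server.
function fetch_champions(PDO $pdo, array $post): array
{
    // sql_line is deliberately never read: a query string taken from the client
    // would let any user run arbitrary SQL, regardless of which page sent it.
    $orderBy = SORT_COLUMNS[$post['by_arrangement'] ?? ''] ?? 'name';

    // Numeric input is cast and bounded; free-text input becomes a bound parameter.
    $limit  = max(1, min(100, (int) ($post['by_count'] ?? 10)));
    $search = '%' . (string) ($post['by_string'] ?? '') . '%';
    $since  = (string) ($post['by_date'] ?? '0000-00-00');
    if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $since)) {
        $since = '0000-00-00';           // anything that is not a date is discarded
    }

    // $orderBy comes from the whitelist above, so interpolating it is safe;
    // everything the user actually typed is passed as a bound parameter.
    $stmt = $pdo->prepare(
        "SELECT name, created_at, win_count FROM champions
         WHERE name LIKE :search AND created_at >= :since
         ORDER BY $orderBy LIMIT :limit"
    );
    $stmt->bindValue(':search', $search, PDO::PARAM_STR);
    $stmt->bindValue(':since', $since, PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = open_demo_db();
// Fields as the ajax call in the question would send them (constructed values).
$request = [
    'by_arrangement' => 'count',
    'by_count'       => '2',
    'by_string'      => '',
    'by_date'        => '2015-01-01',
    'sql_line'       => 'anything at all',   // ignored by the handler above
];
print_r(fetch_champions($pdo, $request));
```

The design choice worth noting is that the only thing the client gets to pick about the query's shape is a key into `SORT_COLUMNS`; the SQL text itself is fixed on the server, which is what makes the request safe to receive even though every byte of it can be forged.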

1 Answer

You have some options to make your system more secure:

1) Although security through obfuscation isn't really an option if your app posts data into a database, you could use it if your app just gets data from a db.

2) You could pass through some session id, which is stored in a database table with a timestamp. In your PHP you then check whether the timestamp is less than X seconds away from time(). If it is, then you allow the user to post data.

3) Most secure: you send a (maybe even one-time) key with your HTML page, then when the ajax takes place, check again in your PHP for that key. After the action the key is deleted or somehow made invalid in the database. This is really one of the most secure ways to do this; many online banking websites use this.

I hope I could help you out, Sebastian
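Options 2 and 3 of the answer above describe one mechanism: a per-page key stored in a database table with a timestamp, accepted only if it is fresh, belongs to the current session, and has not been used before. The block below is an added example of that mechanism in PHP; it is not Sebastian's code. The `request_tokens` table, the five-minute lifetime and the `request_key` field name are assumptions.

```php
<?php
// Added example: one-time request key with a timestamp, as in options 2 and 3.
// Table name, column names and the lifetime are assumptions.
declare(strict_types=1);

const TOKEN_MAX_AGE_SECONDS = 300;   // the "X seconds" of option 2; chosen for the example

function open_token_store(): PDO
{
    // In-memory SQLite so the example runs stand-alone; a real app uses its own DB.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE request_tokens (
        token_hash TEXT PRIMARY KEY,
        session_id TEXT NOT NULL,
        created_at INTEGER NOT NULL
    )');
    return $pdo;
}

// Called while rendering the HTML page: returns the key to embed in the page,
// e.g. as a JavaScript variable the ajax call adds to its data object.
function issue_token(PDO $pdo, string $sessionId): string
{
    // Housekeeping: expired keys are useless, so drop them on each issue.
    $pdo->prepare('DELETE FROM request_tokens WHERE created_at < ?')
        ->execute([time() - TOKEN_MAX_AGE_SECONDS]);

    $token = bin2hex(random_bytes(32));               // unguessable per-page key
    // Only a hash is stored, so a leaked table does not yield usable keys.
    $pdo->prepare('INSERT INTO request_tokens (token_hash, session_id, created_at) VALUES (?, ?, ?)')
        ->execute([hash('sha256', $token), $sessionId, time()]);
    return $token;
}

// Called by the PHP script the ajax call posts to, before any database work.
// Returns true at most once per key, and only if the key belongs to this
// session and is younger than TOKEN_MAX_AGE_SECONDS.
function consume_token(PDO $pdo, string $sessionId, string $token): bool
{
    // A single DELETE carrying all three conditions is atomic: two concurrent
    // requests replaying the same key cannot both see one affected row.
    $stmt = $pdo->prepare(
        'DELETE FROM request_tokens
          WHERE token_hash = ? AND session_id = ? AND created_at >= ?'
    );
    $stmt->execute([hash('sha256', $token), $sessionId, time() - TOKEN_MAX_AGE_SECONDS]);
    return $stmt->rowCount() === 1;
}

// Demonstration. In the real handler the key arrives as $_POST['request_key']
// (field name assumed) and $sessionId comes from the user's session.
$pdo = open_token_store();
$sessionId = session_id() !== '' ? session_id() : 'demo-session';   // assumption: session exists
$key = issue_token($pdo, $sessionId);

var_dump(consume_token($pdo, $sessionId, $key));        // first use
var_dump(consume_token($pdo, $sessionId, $key));        // replay of the same key
var_dump(consume_token($pdo, 'other-session', $key));   // key issued to a different session
```

The second and third calls fail because the row was removed by the first call and because the session id does not match, respectively; the timestamp condition covers the case where a key is kept and replayed later. Binding the key to the session is what stops a key harvested from one user's page from being spent by another, which is the property option 3 relies on.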
