Many a time I do some weird things while using jQuery Ajax. I mean, I keep a hidden variable which contains an id, and then when somebody clicks a button, I run a JavaScript function which passes an Ajax request along with the id that is contained in the hidden field. Is this normal? What if somebody uses Firebug or any such tool and changes the JavaScript function and passes some other ids? It will update and delete other records which may not belong to that user? How do you all handle this?
You need to secure this server-side, you can’t protect it on the client-side, nor should you.
JavaScript is viewable, executable, dynamic, open…it’s everything you would want when doing…well, whatever you want with it, which is a very bad thing for security. You need to check the passed id against what the user should have access to on the server when processing the request.
Anything, and I mean anything you do on the client is a deterrent, not a solution, and really there are no effective JavaScript deterrents I’ve ever seen. Even if you could secure it, I can just open Firebug, Fiddler, Wireshark, Chrome console or one of a dozen other tools to see what the request is ultimately sending anyway.
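The server-side check described in the answer above, as an added example that is not part of the original answer. It is framework-free JavaScript; `handleDelete`, the `session` and `body` shapes, and the in-memory `records` table are hypothetical stand-ins for a real request handler, session store and database.

```javascript
// Constructed sample data standing in for a database table.
const records = new Map([
  [1, { ownerId: "alice", title: "Alice's note" }],
  [2, { ownerId: "bob", title: "Bob's note" }],
]);

// Hypothetical handler for the Ajax delete request.
// `session` is server-side state established at login.
// `body` is whatever the client sent, including the hidden-field id,
// and must be treated as attacker-controlled.
function handleDelete(session, body) {
  // Identity comes only from the server-side session, never from the request body.
  if (!session || !session.userId) {
    return { status: 401, error: "not logged in" };
  }

  // The id arrives as a string; accept only a plain non-negative integer.
  const rawId = body ? body.id : undefined;
  if (!/^[0-9]{1,9}$/.test(String(rawId))) {
    return { status: 400, error: "bad id" };
  }
  const id = Number(rawId);

  // Authorization: the record must exist AND belong to the session user.
  // Both failures return the same response so ids cannot be probed.
  const record = records.get(id);
  if (!record || record.ownerId !== session.userId) {
    return { status: 404, error: "not found" };
  }

  records.delete(id);
  return { status: 200, deleted: id };
}

// A tampered request: alice is logged in but edits the hidden field to 2
// and adds a forged userId. The forged field is ignored; the call is refused.
console.log(handleDelete({ userId: "alice" }, { id: "2", userId: "bob" }));
// The legitimate request for her own record succeeds.
console.log(handleDelete({ userId: "alice" }, { id: "1" }));
```

In a real application the ownership test usually lives in the query itself (for example a `WHERE` clause on both the id and the session user's id), so the lookup and the check cannot drift apart.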