Sorry if this has been asked already; I did a Google search and couldn’t find the answer.
I am new to jQuery and I am wondering how to protect my backend pages from being loaded by external users.
For example, if my jQuery .post or .get calls “delete-post.php”, I only want the jQuery to be able to load that page. I don’t want some John Doe user realizing he can post data from his own form to delete-post.php and delete whatever he wants, or calling delete-post.php?id=whatever_id_he_wants.
I hope this makes sense? Like I said I am new to jQuery and am wondering about security.
About the only thing you can do, and something that you should be doing anyway, is checking that a user is logged in and is authorized to delete a post. You do this on the delete-post.php script by checking session variables.
The problem here isn’t with jQuery or AJAX; if this were a normal static form, the user would still be able to figure out how to post to this delete-post.php page anyway.
Hope this helps.
Edit: And welcome to SO. 🙂
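The session check described in the answer above, sketched as an added example that is not part of the original answer. The `posts` table with `id` and `author_id` columns, the `user_id` session key, the `delete_post_if_owner` helper and the SQLite connection are all assumptions made for illustration.

```php
<?php
// delete-post.php (added example; table/column names, the 'user_id'
// session key and the DSN are assumptions, not from the original post)
declare(strict_types=1);

session_start();

// Deletes $postId only when it belongs to $userId. Returns an HTTP status code.
function delete_post_if_owner(PDO $db, ?int $userId, ?int $postId): int
{
    if ($userId === null) {
        return 401;                      // no logged-in session
    }
    if ($postId === null || $postId <= 0) {
        return 400;                      // missing or malformed id
    }
    // Ownership is enforced in the WHERE clause, so the authorization
    // check and the delete happen in one atomic statement.
    $stmt = $db->prepare(
        'DELETE FROM posts WHERE id = :id AND author_id = :uid'
    );
    $stmt->execute([':id' => $postId, ':uid' => $userId]);

    return $stmt->rowCount() === 1 ? 204 : 403;  // 403: not yours, or no such post
}

// Refuse delete-post.php?id=... style GET requests outright.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit;
}

// Identity comes from the server-side session, never from the request body.
$userId = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;

// filter_input() yields an int on success, false/null otherwise.
$postId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
$postId = is_int($postId) ? $postId : null;

$db = new PDO('sqlite:' . __DIR__ . '/app.db');  // assumed connection
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

http_response_code(delete_post_if_owner($db, $userId, $postId));
```

Whether the request came from jQuery or a hand-built form makes no difference to this script; the only inputs it trusts are the session and the database row's owner.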