Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
O
O
Optimus2016-11-17 07:54:28
PHP
Optimus, 2016-11-17 07:54:28

How to ensure security when working with Ajax?

There is a switch on the page, for example this:
6606f27c9598419aa45101a65ba426ba.png
When it is changed in the database, the value should change. Total chain goes:
Page with switch -> Page handler -> DB

Question: How to prevent a direct request to the handler page by third parties?
After all, the page with the switch has access to the session, for example, and can check its existence and the user id. The session handler page does not have access. Pass CSRF tag to handler? What will he compare it to? Nothing sensible comes to mind.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
E
Evgeny Kalibrov, 2016-11-17
Pyan @marrk2

Page handler - what is it?
Your request should be sent to the server, which should have the current user in the session, and he should check the access rights.

Similar questions
M
Mikhail Sokolov2015-08-28 20:53:01
How to set up Iptables + DB and restrict access? 4Reply
I
Ibrahim Kadirov2015-09-07 11:17:57
Recommend a platform (engine or plugin) for the online consulting service in directions? 5Reply
B
boris55952015-09-14 10:32:40
How are things today with such areas as data mining, big data (in Russia and abroad)? 4Reply
L
lexstile2017-08-23 13:28:38
How to withdraw additional group property in xsl template on hostcms 6? 2Reply
P
pwrchrd2017-09-08 01:48:34
Is it possible to get a JSON response from SQL with nested child tables? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question