security - How can I better protect my php, jquery, ajax requests from malicious users -

-

i send lot of data through jquerys getjson method, example of function is

function dosomething(sid){     if(sid){      $.getjson("ajax/ajaxdosomething.php",{sid:""+sid+""}, function(data){         //alert(data);         if(data.success == true){             $('#add_vote_div').html('vote received');             $('#list_data_div').html(data.html);         }         else{             $('#add_vote_div').html(data.message);         }     });   }  }`

the problem can @ source , see location of php file sending data to, therefore point browser there , append data url. checks on data make sure right data type, dont want users able go url @ all.

i thought maybe put ajax files behind main document root work jquery can't link absolute paths like

$.getjson("var/www/ajax/dosomething.php",{sid:""+sid+""}

(main document root var/www/html/)

if made $.postjson work better, doesn't exist, ideas?

it raises bar hacking slightly, can post json via jquery.ajax (that's link) or jquery.post (so's that). jquery.getjson wrapper ajax (as .post, , .get). getjson docs:

this shorthand ajax function, equivalent to:

$.ajax({     url:      url,     datatype: 'json',     data:     data,     success:  callback });

thus, postjson concept, you'd add type parameter it:

$.ajax({     url:      url,     type:     'post',   // <== new bit     datatype: 'json',     data:     data,     success:  callback });

if wanted to, add postjson jquery object, pre-processing arguments , calling $.ajax. copy-and-paste the jquery source, switching .get .post:

if (!jquery.postjson) {     jquery.postjson = function( url, data, callback ) {         return jquery.post(url, data, callback, "json");     }; }

mind you, it's still pretty easy fake post. not easy get, still pretty easy.


Comments

Post a Comment

Popular posts from this blog

c++ - How to modify context menu of internet explorer using IDocHostUIHandler::ShowContextMenu? -

-
i trying implement custom menu internet explorer 7.0. have use idochostuihandler::showcontextmenu only. till able implement basic context menu 2 options. problem disabled default. sample code same is: hresult cwebeventhandler::showcontextmenu(dword dwid,point *ppt, iunknown *pcmdtarget, idispatch *pdispobject) { if (false) // put guard code here. of not consider return s_false; // show standard context menus. else { iolewindow* pwnd = null; hresult hr = pcmdtarget->queryinterface(iid_iolewindow, (void**) &pwnd); if (succeeded(hr)) { hwnd hwnd; if (succeeded(pwnd->getwindow(&hwnd))) { hmenu menu = ::createpopupmenu(); ::appendmenu(menu, mf_string, id_hello, l"&hello" ); // id_hello & id_world 2 menu resource items ::appendmenu(menu, mf_string, id_world, l"&world" ); ...
Read more

android - Spacing between the stars of a rating bar? -

-
ho can set spacing beween stars? thats ratingbar: ratingbar = (ratingbar) inflater.inflate(r.layout.ratingbar, null); ratingbar.setlayoutparams(new layoutparams(layoutparams.wrap_content, layoutparams.wrap_content)); the layout: <?xml version="1.0" encoding="utf-8"?> <ratingbar xmlns:android="http://schemas.android.com/apk/res/android" style="@style/mystyle" android:layout_alignparentright="true" android:layout_height="19dp" android:layout_width="wrap_content" android:numstars="5"> </ratingbar> the style: <style name="mystyle" parent="@android:style/widget.ratingbar"> <item name="android:progressdrawable">@drawable/android_r2_ratingstar_yellow</item> <item name="android:indeterminatedrawable">@drawable/android_r2_ratingstar_grey</item> </style> thanks, cheers you have ...
Read more

c# - Getting "Internal .Net Framework Data Provider error 30" error when column has NULL value -

-
i have simple .net console program uses odbcdatareader fetch rows advantage local server. using system dsn defined via odbc administrator on windows 7. data source uses advantage streamlinesql odbc driver v 10.00.00.03 , following params: database path: table type: advantage available server types: local server (als) the program works fine until encounters row has null value in column. exception: system.invalidoperationexception caught message=internal .net framework data provider error 30. source=system.data stacktrace: @ system.data.providerbase.dbbuffer.validate(int32 offset, int32 count) @ system.data.providerbase.dbbuffer.ptrtostringuni(int32 offset, int32 length) @ system.data.odbc.odbcdatareader.internalgetstring(int32 i) @ system.data.odbc.odbcdatareader.getvalue(int32 i, typemap typemap) @ system.data.odbc.odbcdatareader.getvalue(int32 i) @ system.data.odbc.odbcdatareader.isdbnull(int32 i) @ odbctest.program....
Read more