
Ajax Security and Accessibility <general question>

Status
Not open for further replies.

theEclipse

Programmer
Dec 27, 1999
1,190
US
I have written a few ajax applications in the past and I have been worried about two things when writing them.

1. When somebody visits my ajax enhanced page without javascript enabled, what is going to happen? Generally I have had to write two server-side scripts to handle the requests from the client javascript. This seems like a pain to me...dualcoding.
2. And I have been worried about security. How can I better authenticate so that my own ajax can't be used against me? Up to now I have just limited the information being sent to simple information...stuff that is worthless. I am not exactly worried about snooping, but rather some sort of reverse-engineering or rewriting my code for data-extraction.

I'll admit that I haven't been paying much attention to the ajax community (on the web, not just @ TT) so I am wondering if there are better ways to solve these problems.

Robert Carpenter
Remember....eternity is much longer than this ~80 years we will spend roaming this earth.
ô¿ô
 
Regarding your first question - there is no need to code the back-end twice... do it once for the non ajax solution... and get it tidy. Then just pass through an extra parameter in your AJAX params (with javascript enabled) that is picked up server-side and switches the functionality (to add in the minor changes when requesting the data using AJAX - usually preventing redirect or something). You can extend this to include json and xml as well if you are keen.

The second point... I'll leave for someone else to answer (I'm off home for the weekend - and it's more than a quick paragraph) [smile]

Cheers,
Jeff


Jeff's Page @ Code Couch

Make sure your web page and css validates properly against the doctype you have chosen - before you attempt to debug a problem!

FAQ216-6094
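The single-back-end approach Jeff describes, as an added example that is not code from the thread: one handler serves both the plain form submission (no JavaScript) and the Ajax call, and the client script adds an extra `ajax=1` parameter that switches the response from a redirect to JSON. The request/response shapes, the `products` data and the `ajax` parameter name are assumptions made for the example; it is written as plain functions so it runs without a web framework.

```javascript
// Added example: one server-side handler for both the non-JS form path and the
// Ajax path, switched by an extra request parameter (assumed name: "ajax").

// Constructed in-memory data standing in for the real database.
const products = new Map([
  ["sku-100", { name: "Widget", stock: 12 }],
  ["sku-200", { name: "Gadget", stock: 0 }],
]);

// The business logic exists exactly once; both paths call it.
function lookupProduct(sku) {
  const p = products.get(sku);
  return p ? { sku, ...p } : null;
}

// `req` is { method, params } where `params` holds the parsed form fields or
// query string. The client script sets `ajax=1`; the plain HTML form does not.
function handleProductRequest(req) {
  const sku = req.params.sku;
  const product = lookupProduct(sku);
  const isAjax = req.params.ajax === "1";

  if (!product) {
    // Same outcome on both paths: "not found", expressed the way each client needs it.
    return isAjax
      ? { status: 404, headers: { "Content-Type": "application/json" }, body: JSON.stringify({ error: "not found" }) }
      : { status: 303, headers: { Location: "/products?error=notfound" }, body: "" };
  }
  if (isAjax) {
    // Ajax path: return data only and skip the redirect so the page script can update in place.
    return { status: 200, headers: { "Content-Type": "application/json" }, body: JSON.stringify(product) };
  }
  // Non-JS path: classic post/redirect/get so the browser lands on a full page.
  return { status: 303, headers: { Location: `/products/${encodeURIComponent(sku)}` }, body: "" };
}

// Client side of the same idea: the page works as a normal form; if JavaScript
// is running, the submit handler builds the same fields plus the switch parameter.
function buildAjaxQuery(formFields) {
  const params = new URLSearchParams(formFields);
  params.set("ajax", "1");
  return params.toString();
}
```

Because the switch only changes how the result is presented, any validation or access control added to `lookupProduct` automatically covers both paths, which is the security payoff of not maintaining two back-ends.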
 
On point 2, you could check the HTTP referrer. While (AFAIK) it isn't mandatory to send this, chances are it will be sent.

Yes - it could be spoofed, so you could add in filtering to ignore AJAX GET requests as well just to make it that small amount more annoying to get information back... but at the end of the day, if someone is *really* determined, then you might have to go down an HTTPS route and use some sort of key/authentication mechanism.

Hope this helps,
Dan



Coedit Limited - Delivering standards compliant, accessible web solutions

Dan's Page @ Code Couch
 
Dan,

I am not an expert, but it would seem the HTTPS using client-side certificates would offer very decent anti-spoofing capability. Of course, those come with some administrative burden....

Tom Morrison
 