Results 1 to 2 of 2
Thread: ajax and php
Apr 19, 2008, 02:53 #1
ajax and php
i'm currently learning AJAX techniques under PHP and i feel concerned by security aspect of AJAX.
since we need the PHP page name in AJAX code to connect/retrieve data, it means that every body can see which PHP page (as folder) we use.
this is from my point of view a security breach as later on, hackers could use this folder/php_page to try to access sensitive data.
here is the code example that i always see as AJAX - PHP interaction.
Apr 19, 2008, 09:42 #2
- Join Date
- Mar 2008
- 0 Post(s)
- 0 Thread(s)
You should never rely on people not knowing where files are as a security feature. You must always assume that any PHP script on the web will be accessible to the user (even without their knowledge as with AJAX) and therefore to any malicious person. Make sure all inputs to the script are valid and that its as secure as you can make it.