
Thread: ajax and php

  1. #1
    maileen (SitePoint Zealot)
    Join Date: Apr 2006
    Posts: 158

    ajax and php

    Hi,

    I'm currently learning AJAX techniques under PHP and I feel concerned by the security aspect of AJAX.

    Since we need the PHP page name in the AJAX code to connect/retrieve data, it means that everybody can see which PHP page (and folder) we use.

    This is, from my point of view, a security breach, as later on hackers could use this folder/php_page to try to access sensitive data.

    Here is the code example that I always see for AJAX - PHP interaction.
    Code:
    var xmlhttp = false;

    //Check if we are using IE: try the newer MSXML ActiveX object first.
    try
    {
       xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e)
    {
       //If that is not available, fall back to the older ActiveX object.
       try
       {
          xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
       }
       catch (E)
       {
          //Else we must be using a non-IE browser.
          xmlhttp = false;
       }
    }
    
    //If we are using a non-IE browser, create a native XMLHttpRequest object.
    if (!xmlhttp && typeof XMLHttpRequest != 'undefined')
    {
       xmlhttp = new XMLHttpRequest();
    }
    ...
    xmlhttp.open("POST", serverPage); // where serverPage is the PHP page
    Is there a better way to ensure security from the AJAX side?

    Thx.

  2. #2
    SitePoint Member
    Join Date: Mar 2008
    Posts: 13
    You should never rely on people not knowing where files are as a security feature. You must always assume that any PHP script on the web will be accessible to the user (even without their knowledge, as with AJAX) and therefore to any malicious person. Make sure all inputs to the script are valid and that it's as secure as you can make it.
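    As an added illustration of the advice in this reply (example code, not from either poster), here is what a hypothetical PHP endpoint called from the AJAX snippet above could look like when it assumes anyone can request it directly: it requires a logged-in session, accepts only POST, validates every input against an explicit allow-list, and scopes the query to the caller's own rows. Field names, table columns and the database DSN are assumptions for the example.

```php
<?php
// Hypothetical AJAX endpoint (e.g. the serverPage in the question), written to
// illustrate the advice above: the file name is public, so authenticate the
// caller and validate every input on the server before touching any data.
declare(strict_types=1);
session_start();
header('Content-Type: application/json');

// 1. Require a logged-in session: knowing the script's path must not be enough.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['error' => 'authentication required']);
    exit;
}

// 2. Accept only the method the client is expected to use (POST in the question).
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['error' => 'POST only']);
    exit;
}

// 3. Validate inputs against an explicit allow-list; reject anything else.
//    (The 'id' and 'sort' fields and their limits are assumptions for this example.)
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
$sortColumns = ['name' => 'name', 'date' => 'created']; // request value => real column
$sortKey = $_POST['sort'] ?? 'name';
if ($id === false || $id === null || !array_key_exists($sortKey, $sortColumns)) {
    http_response_code(400);
    echo json_encode(['error' => 'invalid input']);
    exit;
}

// 4. Use a prepared statement so the validated values are passed as data, not
//    spliced into SQL text. DSN and credentials are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'PLACEHOLDER_PASSWORD',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $sortColumns[$sortKey] is one of two column names chosen by this script, not
// by the client, so it can be placed in ORDER BY; id and owner go through placeholders.
$sql = 'SELECT id, name, created FROM items WHERE owner_id = :owner AND id = :id'
     . ' ORDER BY ' . $sortColumns[$sortKey];
$stmt = $pdo->prepare($sql);
// 5. Scope the query to the caller's own rows so a valid id for someone else's
//    item returns nothing (authorization, not just authentication).
$stmt->execute([':owner' => (int) $_SESSION['user_id'], ':id' => $id]);

echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
```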

