Learn how to a build a cloud-first strategyRegister Now


Securing AJAX pages

Posted on 2007-07-25
Medium Priority
Last Modified: 2012-06-02

Is it possible to secure my ajax pages?  Ajax normally needs 2 pages, the front-end page which displays the results returned, and the backend page which generates the results.  How do I stop people from accessing the backend pages?

for example, right now people can do something like


and it will show them everything based on the querystring.

how can i stop them from doing that?
Question by:narmi2
  • 2
LVL 24

Accepted Solution

glcummins earned 2000 total points
ID: 19565619
I have found that the easiest way to accomplish this is to generate a secure key for each browser session. Each time a user opens a new session, your initial backend scipt should create a key and send it along with the HTML/Javascript. Your Ajax functions should send this key to the backend with each request. You only respond to the request if A) the key is present, and B) it matches the key that you generated initially.

You can also store browser or IP information when you generate the key, and use these to make sure that someone hasn't hijacked as session in progress.

Finally, make sure the keys expire in a reasonable amount of time, so that brute-forcing will be less likely to succeed.
LVL 24

Expert Comment

ID: 19565640
Also take a look at SAJA (http://saja.sourceforge.net/), which focuses on Ajax security.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
In this blog, we’ll look at how improvements to Percona XtraDB Cluster improved IST performance.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
Suggested Courses
Course of the Month20 days, 15 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question