goodk

asked on

When sending parameters to the form via xmlhttp.open("GET","myformlocation/myform.aspx?Parm=1,Parm=2")

This can be hacked because the JavaScript source is visible and others can send the parameters to our form and pull results.

When using AJAX, is there a better way to pass the parameters so no one can see what has been passed?

Thanks
ASKER CERTIFIED SOLUTION
Dave Baldwin
goodk

ASKER

Well, when would technical people get together and find a solution to these security problems?

If you mean making forms and AJAX 'secret', there are no plans to ever do that. A 'solution' would just lead to the next problem. It doesn't end. You can see that with viruses where when one is blocked, another one is created that is more clever than the one before.

While I guess it seems like a security risk to you, it is also the openness of the web that lets us track down those who abuse it. We deal with these things by filtering the data that is submitted to the 'action' page to block and eliminate bad data.
goodk

ASKER

Is there any generalized filtration available, either for JavaScript or ASP? Thanks

Not generalized that I know of, but then, I write my own anyway. If you think you are having problems, the most important thing is to keep track of what you are getting. I copy the data from my forms on commercial sites into the database. Then I can go thru and see what I need to be filtering out so my customer doesn't have to see it. I also do that on 'search' forms because I have found that people are always trying to break into the database thru those forms.
goodk

ASKER

Thank you, Dave Baldwin.

You're welcome.
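
The two practices described in the thread, filtering what reaches the 'action' page and recording every submission so it can be reviewed, can be combined in one server-side allow-list check. This is an added example, not code from the thread: it is written in JavaScript for a Node.js-style back end, and the parameter names, rules and in-memory log are assumptions.

```javascript
// Server-side allow-list filter. Runs on the server, never in the browser:
// anything checked only in client-side JavaScript can be bypassed by the sender.
// Parameter names and rules are hypothetical, chosen for illustration.
const SCHEMA = new Map([
  ["customerId", { pattern: /^[0-9]{1,9}$/ }],             // digits only
  ["search",     { pattern: /^[A-Za-z0-9 .,-]{1,64}$/ }],  // short plain text
  ["page",       { pattern: /^[0-9]{1,4}$/, optional: true }],
]);

// Stand-in for the database table where submissions are kept for later review.
const auditLog = [];

function filterParams(rawQuery, schema = SCHEMA, log = auditLog) {
  const params = new URLSearchParams(rawQuery);
  const clean = {};
  const problems = [];

  // Check every parameter that was actually sent against the allow-list.
  for (const name of new Set(params.keys())) {
    const rule = schema.get(name);
    const values = params.getAll(name);
    if (!rule) problems.push(`unexpected parameter: ${name}`);
    else if (values.length !== 1) problems.push(`repeated parameter: ${name}`);
    else if (!rule.pattern.test(values[0])) problems.push(`bad value for: ${name}`);
    else clean[name] = values[0];
  }

  // Check that every required parameter is present.
  for (const [name, rule] of schema) {
    if (!rule.optional && !params.has(name)) problems.push(`missing parameter: ${name}`);
  }

  // Record accepted and rejected submissions alike, truncated to bound log size,
  // so the rules can be tightened based on what is really being sent.
  const accepted = problems.length === 0;
  log.push({
    time: new Date().toISOString(),
    rawQuery: String(rawQuery).slice(0, 512),
    accepted,
    problems,
  });
  return accepted ? { ok: true, values: clean } : { ok: false, problems };
}
```

Values that pass the filter should still reach the database only through parameterized queries; the filter narrows what is accepted, it does not make string-built SQL safe.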