when sending parameters on the form via xmlhttp.open("GET","myformlocation/myform.aspx?Parm=1,Parm=2")

this can be hacked because the JavaScript source is visible and others can send the parameters to our form and pull results.

when using ajax is there a better way to pass the parameters so no one can see what has been passed?


thanks
goodk Asked:

Dave Baldwin (Fixer of Problems) Commented:
Not really.  'xmlhttp.open' (aka AJAX) will always be viewable.  All <form>s are too.  Which is why you have to do filtering on the server page to eliminate spam.  It is what we all have to do.  As far as I know, everything on a web page is viewable.  The exception might be forms that are built using Adobe Flash.  But of course, those won't work on Apple 'iDevices' because Flash isn't allowed on them.

goodk (Author) Commented:
well, when would technical people get together and find a solution to these security problems?
Dave Baldwin (Fixer of Problems) Commented:
If you mean making forms and AJAX 'secret', there are no plans to ever do that.  A 'solution' would just lead to the next problem.  It doesn't end.  You can see that with viruses where when one is blocked, another one is created that is more clever than the one before.

While I guess it seems like a security risk to you, it is also the openness of the web that lets us track down those who abuse it.  We deal with these things by filtering the data that is submitted to the 'action' page to block and eliminate bad data.

goodk (Author) Commented:
is there any generalized filtration available? either for JavaScript or asp? thanks
Dave Baldwin (Fixer of Problems) Commented:
Not generalized that I know but then, I write my own anyway.  If you think you are having problems, the most important thing is to keep track of what you are getting.  I copy the data from my forms on commercial sites into the database.  Then I can go thru and see what I need to be filtering out so my customer doesn't have to see it.  I also do that on 'search' forms because I have found that people are always trying to break into the database thru those forms.
goodk (Author) Commented:
thank you Dave Baldwin.
Dave Baldwin (Fixer of Problems) Commented:
You're welcome.
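
The server-side filtering described in the answers above, as an added example that is not part of the original thread: an allow-list check on the query string the page receives, which also records every rejected submission for later review. The parameter rules, the `q` search field, the `rejected` store and the sample requests are assumptions made for illustration.

```javascript
// Added example; parameter names and rules are hypothetical.
const RULES = new Map([
  ["Parm", { pattern: /^\d{1,6}$/, required: true }],                // numeric id
  ["q", { pattern: /^[\p{L}\p{N} .,'-]{1,64}$/u, required: false }], // search text
]);

// Stand-in for the database table where rejected submissions are kept for review.
const rejected = [];

function filterQuery(queryString, remoteAddr) {
  const params = new URLSearchParams(queryString);
  const clean = {};
  const errors = [];
  for (const name of new Set(params.keys())) {
    const rule = RULES.get(name);
    const values = params.getAll(name);
    if (!rule) errors.push(`unexpected parameter: ${name}`);
    else if (values.length !== 1) errors.push(`repeated parameter: ${name}`);
    else if (!rule.pattern.test(values[0])) errors.push(`bad value for: ${name}`);
    else clean[name] = values[0];
  }
  for (const [name, rule] of RULES) {
    if (rule.required && !params.has(name)) errors.push(`missing parameter: ${name}`);
  }
  if (errors.length > 0) {
    // Keep the raw request so the filter rules can be tuned from real traffic.
    rejected.push({ when: new Date().toISOString(), remoteAddr, queryString, errors });
    return { ok: false, errors };
  }
  // Values that pass must still reach the database only through parameterized queries.
  return { ok: true, params: clean };
}

// Constructed sample requests (192.0.2.10 is a documentation address).
const samples = [
  "Parm=1",                       // well-formed
  "Parm=1,Parm=2",                // the string from the question: one value "1,Parm=2"
  "Parm=1&debug=true",            // parameter the page never defined
  "Parm=7&q=shoes%27%20OR%201%3D1", // search text outside the allowed characters
];
for (const s of samples) {
  console.log(s, JSON.stringify(filterQuery(s, "192.0.2.10")));
}
```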