On Fri, 2007-05-11 at 10:33 -0300, Rangel Reale wrote:
> That was only an example, the question is, how do I protect possibly
> sensitive data sent by AJAX, so one user can't access other user's data?
>
> Is the answer just "don't do this with AJAX"?

No, do what you would normally do. Filter access to data based on the
user's permissions. Ajax requests are like any other http request.
Cookies are sent. If you aren't using cookies and relying exclusively on
PHP trans SID or something similar, then just make sure the ID is sent in
the Ajax request. Then as with any request, check permissions and dole
out information appropriately.

Cheers,
Rob.
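
The per-request permission check described in the reply above, as an added example that is not part of the original thread. The endpoint, the `INVOICES` sample data, the `user_id` session key and the function name are all hypothetical.

```php
<?php
// Added example: a hypothetical Ajax endpoint, e.g. GET /ajax/invoice.php?id=2
// Constructed sample data standing in for a database table.
const INVOICES = [
    1 => ['owner_id' => 10, 'total' => '120.00'],
    2 => ['owner_id' => 11, 'total' => '75.50'],
];

// $session is the server-side session data, $query the request parameters.
// Returns [HTTP status code, payload to send back as JSON].
function handle_invoice_request(array $session, array $query): array
{
    // Who is asking comes from the session, never from a request parameter.
    if (!isset($session['user_id'])) {
        return [401, ['error' => 'not logged in']];
    }
    // The record id is attacker-controlled input: validate before using it.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [400, ['error' => 'bad id']];
    }
    // Permission check on every request. A missing record and another
    // user's record get the same answer, so ids cannot be probed.
    $invoice = INVOICES[$id] ?? null;
    if ($invoice === null || $invoice['owner_id'] !== (int) $session['user_id']) {
        return [404, ['error' => 'not found']];
    }
    return [200, ['id' => $id, 'total' => $invoice['total']]];
}

if (PHP_SAPI !== 'cli') {
    // Served over HTTP: session_start() resumes the caller's session from
    // the session id that arrives with the Ajax request.
    session_start();
    [$status, $body] = handle_invoice_request($_SESSION, $_GET);
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode($body);
} else {
    // Run from the command line: constructed requests showing each outcome.
    $cases = [
        'owner'        => [['user_id' => 11], ['id' => '2']],
        'other user'   => [['user_id' => 10], ['id' => '2']],
        'no session'   => [[], ['id' => '2']],
        'malformed id' => [['user_id' => 10], ['id' => '2 OR 1=1']],
    ];
    foreach ($cases as $label => [$session, $query]) {
        [$status, $body] = handle_invoice_request($session, $query);
        echo str_pad($label, 14), $status, ' ', json_encode($body), PHP_EOL;
    }
}
```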