On Fri, August 3, 2007 8:39 am, Jay Blanchard wrote:
> One of my developers saw the following article;
>
> http://arstechnica.com/news.ars/post/20070802-security-experts-warn-developers-about-the-risks-of-premature-ajax-ulation.html
>
> How are you securing Ajax? I know that for the most part we send data to
> a PHP script for processing, so all of the normal rules for sending that
> data apply (mysql_real_escape_string(), etc.)

I think you meant that all the normal rules for RECEIVING that data still apply.

Specifically, all Ajax data is coming from the user and you cannot assume anything about it being "safe" or in any particular format.

Down in the guts of Ajax, it just does a GET or POST of data from the outside world.

Any moron can manage to forge a GET or POST with whatever data they want to cram in there.

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
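The point made in the reply above, as an added example that is not part of the original message: a PHP handler that treats the fields of an Ajax POST as untrusted input and validates each one on the server. The function name, field names and limits are assumptions chosen for illustration.

```php
<?php
// Added example; the field names and limits are hypothetical.
// Validate an Ajax POST like any other request; returns [$clean, $errors].
function validate_comment_request(array $raw): array
{
    $clean = [];
    $errors = [];

    // Reject fields the endpoint never asked for.
    $allowed = ['post_id', 'rating', 'comment'];
    foreach (array_diff(array_keys($raw), $allowed) as $extra) {
        $errors[] = "unexpected field: $extra";
    }

    // Integers: filter_var() returns false for null, arrays and "42abc".
    $ranges = ['post_id' => [1, PHP_INT_MAX], 'rating' => [1, 5]];
    foreach ($ranges as $field => [$min, $max]) {
        $value = filter_var($raw[$field] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        if ($value === false) {
            $errors[] = "$field must be an integer from $min to $max";
        } else {
            $clean[$field] = $value;
        }
    }

    // Text: must be a string, valid UTF-8, 1 to 500 bytes after trimming.
    $comment = $raw['comment'] ?? null;
    $comment = is_string($comment) ? trim($comment) : null;
    if ($comment === null || $comment === '' || strlen($comment) > 500
        || !preg_match('//u', $comment)) {
        $errors[] = 'comment must be 1 to 500 bytes of valid UTF-8';
    } else {
        $clean['comment'] = $comment; // still bind or escape it at the query
    }
    return [$clean, $errors];
}

// Constructed inputs: what the page's own script sends, and a hand-made POST.
$samples = [
    'from page' => ['post_id' => '42', 'rating' => '5', 'comment' => 'Nice article'],
    'hand-made' => ['post_id' => '42abc', 'rating' => ['5'], 'comment' => '', 'is_admin' => '1'],
];
foreach ($samples as $label => $input) {
    [, $errors] = validate_comment_request($input);
    echo $label, ': ', $errors ? 'rejected: ' . implode('; ', $errors) : 'accepted', "\n";
}
```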