On Tue, Oct 21, 2008 at 5:12 AM, Yeti <yeti@xxxxxxxxxx> wrote:
>> True, but then my permission / auth / workflow schema defines all that. The
>> user won't likely have that permission, the request will be logged, and nothing
>> is ever deleted from the app in any case since I only allow soft (record-level
>> flag) deletes to ensure data integrity.
>
> I agree with Bastien here. If you can't trust your authorized users
> then don't authorize them to delete entries. I would also recommend
> some kind of access control to lower the risk of a complete data loss.
> Use HTTPS to prevent man in the middle attacks.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

That is a bit overkill, going HTTPS for everything. If you just make AJAX requests behave the same way as a normal direct hit, you'll be fine.

One of the problems with AJAX stuff is that sometimes we forget to validate each request, validating the user making the request and the action they're performing. It's quite easy to just assume the request hasn't been changed at all since it is buried behind code. Everyone's guilty of this at one point or another. Just look at this Google Docs example. [1]

I'd recommend reading up on the concepts of authentication and authorization. Authentication just makes sure you're logged in. Authorization makes sure you can perform a specific action. Once you have that, you'll be able to answer the original question. Of course you can also go into other types of things like creating signatures for each request and tokens (which should be done), but start at the beginning and work at it.

I'd also recommend installing something like Live HTTP Headers or Firebug just to get an idea of what is going over the wire. It might make things more obvious.

[1] http://xs-sniper.com/blog/2007/09/28/all-your-google-docs-are-belong-to-us/
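As an added example that is not part of the thread, here is a minimal PHP "delete" endpoint that treats an AJAX request exactly like a direct hit: it authenticates the session, authorizes the specific action, binds the request to the session with a CSRF token, logs refused attempts, and only writes a soft (record-level flag) delete. The table names, `user_permissions` permission model and DSN are assumptions for illustration; it assumes PHP 7.1 or later and PDO.

```php
<?php
// Added example, not code from the list posters. Names and schema are assumed.
session_start();

function current_user_id(): ?int {
    // Authentication: is anyone logged in? (set at login, never from the request)
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

function user_can(int $userId, string $action, PDO $db): bool {
    // Authorization: does this user hold the permission for this specific action?
    $stmt = $db->prepare('SELECT 1 FROM user_permissions WHERE user_id = ? AND action = ?');
    $stmt->execute([$userId, $action]);
    return (bool) $stmt->fetchColumn();
}

function csrf_token(): string {
    // Per-session token; the client sends it back with every state-changing request.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_token_valid(?string $submitted): bool {
    // Constant-time comparison; a request forged from another site has no valid token.
    return is_string($submitted) && hash_equals(csrf_token(), $submitted);
}

function soft_delete_record(int $recordId, int $userId, PDO $db): bool {
    // Nothing is physically removed: the row is flagged and the actor is recorded.
    $stmt = $db->prepare('UPDATE records SET deleted = 1, deleted_by = ?, deleted_at = NOW() '
                       . 'WHERE id = ? AND deleted = 0');
    $stmt->execute([$userId, $recordId]);
    return $stmt->rowCount() === 1;
}

$db       = new PDO('mysql:host=localhost;dbname=app', 'app', 'PLACEHOLDER_PASSWORD');
$userId   = current_user_id();
$recordId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);

if ($userId === null || $_SERVER['REQUEST_METHOD'] !== 'POST' || !is_int($recordId)) {
    http_response_code(401);   // not logged in, wrong method, or malformed id
    exit;
}
if (!csrf_token_valid($_POST['csrf_token'] ?? null) || !user_can($userId, 'record.delete', $db)) {
    error_log("denied record.delete on id $recordId by user $userId");  // log the refused attempt
    http_response_code(403);
    exit;
}
header('Content-Type: application/json');
echo json_encode(['deleted' => soft_delete_record($recordId, $userId, $db)]);
```

The same checks apply whether the request came from a form post or an `XMLHttpRequest`, which is the point of the reply above: the server never trusts that the request is "buried behind code".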