Ajax安全 [英] Ajax Security

问题描述

我们有一个沉重的Ajax相关的应用程序。是什么使得它确保请求到服务器端脚本，不通过独立的程序来了，是通过一个实际用户坐在一个浏览器

We have a heavy Ajax dependent application. What are the good ways of making it sure that the request to server side scripts are not coming through standalone programs and are through an actual user sitting on a browser

推荐答案

有没有什么真的。

通过浏览器发送的任何请求都可以通过独立的程序伪造了起来。

Any request sent through a browser can be faked up by standalone programs.

在一天结束的时候，真的很重要吗？如果你担心，那么要确保请求验证和授权和身份验证过程是很好的（记得阿贾克斯将浏览器的cookies - 让你的正常的认证工作得很好）。只记得那当然，独立的程序可以验证过。

At the end of the day does it really matter? If you're worried then make sure requests are authenticated and authorised and your authentication process is good (remember Ajax sends browser cookies - so your "normal" authentication will work just fine). Just remember that, of course, standalone programs can authenticate too.

这篇关于Ajax安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！