它安全通过AJAX来传递数据？ [英] is it safe to pass data via ajax?

问题描述

我创建脚本，将计算孩子的股利为一定的分区使用此命令

i created script which will count child's div for some certain div with this command

$('#content').children().size()

这个数我知道，从12获取到18从MySQL如果这个计数为12。 与萤火虫我可以找出这个计数，这将张贴到我的剧本，我想有没有什么办法来增大它的大小来获得以某种方式从我的数据库的详细信息？是它固定到从阿贾克斯通过这样的数据？

by this count i know to fetch from 12 to 18 from mysql if this count is 12. with firebug i can find out this count which will post to my script and i thought is there any way to increase this size to get more details from my database in some way?is it secure to pass such data from ajax?

2，有人可以发布数据或模拟张贴以任何方式，例如模拟数据，会通过这样的形式数据= 2和张贴;？富= 3及酒吧= 4 和欺骗服务器？

2-can someone post data or simulate posting in any way?for example simulate data which will post by form like this data=2&foo=3&bar=4 and cheating on server?

推荐答案

按我的意见，再一次为答案。

As per my comment, once more as answer.

安全是相对的。基本上，AJAX无非是基于JavaScript的一个普通的HTTP请求。因此，这不是任何或多或少的安全比一个像的。为了使安全，您可以使用HTTPS加密连接。这样的话，你应该能够prevent注入之类的东西。对于作弊......如果一个人真的想，他可以。你唯一可以做的事情，就是要仔细检查参数，从而检测违规行为。也许增加一个隐藏的校验和，只允许特定的选项。

'Safe' is relative. Basically AJAX is nothing but a plain HTTP request based on JavaScript. So it's not any more or less safe than one like that. To make it 'safe' you could use HTTPS to encrypt the connection. That way, you should be able to prevent injection and stuff. Regarding the cheating...if one really wants to, he can. The only thing you can do, is to check the parameters carefully and therefore detect irregularities. Maybe add a hidden checksum, which only allows for particular options.

这篇关于它安全通过AJAX来传递数据？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！