
Thread: Ajax Security Question

  1. #1

    Ajax Security Question

    So,

    I've made an Ajax request page that calls itself. I utilized the Prototype "serialize" function to pass all of my form variables as well in this example, and so it's very efficient. My question is that of security, and if there is perhaps a higher probability of injection *if the file is calling itself rather than an external file*, and if so - why? Any insight on this method would be appreciated, as I find it very useful. Here's the code.

    - Best

    PHP Code:
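    <?php
    // THIS GOES RIGHT BEFORE THE DOCTYPE TAG //
    // Ajax branch: reply as "<element id>[target]<message>", then stop so the page markup below is not appended to the reply.
    if (!empty($_POST['indreq'])) {
        echo "regresponse[target]Request Received:" . $_POST['indreq'];
        exit;
    }
    ?>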
    HTML Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Ajax</title>
    
    <script src="scripts/prototype.js" type="text/javascript"></script>
    <script src="scripts/unittest.js" type="text/javascript"></script>
    <script src="scripts/scriptaculous.js" type="text/javascript"></script>
    <script type="text/javascript">
    window.onload = startfunctions;
    function startfunctions() { $('send').onclick = function() { request(); }; }
    function request() {
      new Ajax.Request('index.php', {
        method: 'post',
        parameters: { indreq: $('form1').serialize() },
        onSuccess: function(p) {
          var target = p.responseText.split("[target]");
          $(target[0]).update(target[1]);
        }
      });
    }
    </script>
    <style type="text/css">
    label {font-size:11px;color:#333333;font-family:Arial, Helvetica, sans-serif;}
    input[type=text]{border:1px solid #333333;font-size:11px;color:#333333;font-family:Arial, Helvetica, sans-serif;}
    input[type=password]{border:1px solid #333333;font-size:11px;color:#333333;font-family:Arial, Helvetica, sans-serif;}
    input[type=button]{border:1px solid #333333;font-size:11px;color:#333333;font-family:Arial, Helvetica, sans-serif;background-color:#ffffff;}
    #regresponse{color:#003300;font-size:11px;font-family:Arial, Helvetica, sans-serif;}
    #error{float:left;height:200px;padding:20px;color:#003300;}
    </style>
    </head>
    <body>
    <form id="form1" name="form1" style="width:150px;">
    <label>email address:<input type="text" name="email_address" id="email_address" /></label>
    <label>desired password:<input type="password" name="password" id="password" /></label>
    <label>repeat password:<input type="password" name="password2" id="password2" /></label>
    <p><input type="button" name="send" id="send" value="Register" /></p>
    </form>
    <div id="regresponse" name="regresponse"></div>
    </body>
    </html>
    Last edited by Falkon303; 10-15-2009 at 05:11 PM.
    document.write is document.wrong
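
Whether the request goes to the same file or to a separate one does not change the exposure here: the reply echoes `indreq` back unencoded, and `update()` inserts whatever it receives as HTML. The following is an added example, not part of the original post, of reply handling that treats the response as untrusted; `ALLOWED_TARGETS`, `parseAjaxReply`, `escapeHtml` and `renderReply` are hypothetical names and the sample reply is constructed.

```javascript
// Added example (not the poster's code). All function and constant names
// here are hypothetical; only the "id[target]message" reply format and the
// "regresponse" element id come from the post.

// Element ids a reply is allowed to write into. Anything else is rejected,
// so the reply cannot choose an arbitrary element on the page.
const ALLOWED_TARGETS = new Set(['regresponse']);
const DELIM = '[target]';

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, function (c) { return map[c]; });
}

// Split on the FIRST delimiter only. split("[target]") would cut the message
// short if the echoed input itself contained "[target]".
function parseAjaxReply(responseText) {
  const i = responseText.indexOf(DELIM);
  if (i === -1) return null;                    // not in the expected format
  const id = responseText.slice(0, i).trim();
  if (!ALLOWED_TARGETS.has(id)) return null;    // unknown target element
  return { id: id, payload: responseText.slice(i + DELIM.length) };
}

// Produce the element id and an HTML-encoded message, or null to ignore
// the reply. The encoded message renders as text, not markup.
function renderReply(responseText) {
  const reply = parseAjaxReply(responseText);
  if (reply === null) return null;
  return { id: reply.id, html: escapeHtml(reply.payload) };
}

// In the page, the onSuccess body would become:
//   var r = renderReply(p.responseText);
//   if (r) { $(r.id).update(r.html); }

// Constructed sample reply: markup and a stray delimiter in the echoed value.
const sampleReply = 'regresponse[target]email_address=<b>x</b>&note=[target]';
const rendered = renderReply(sampleReply);
console.log(rendered.id + ' <- ' + rendered.html);
```

If the server encodes the echoed value itself (for example with PHP's `htmlspecialchars()`), drop the client-side `escapeHtml` step so the message is not encoded twice.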
