ajax and security

[cssfreakie]

Hi all,

 

I just started to learn how to use ajax by using the jquery library. But i was wondering if there are any drawbacks or special (extra) things to pay attention to securitywise.

Since one can not rely on client side filtering or validation i thought when the processing script does this like normally would be the case there would be no other security extra's.

 

Is anyone experienced with this? I really have no idea and i just followed a simple tutorial to use jquery with ajax.

 

[codefossa]

You are much better off using a post and gathering the data sent back from php than relying on client-side security.  They can easily change that, and get around any filter you set in that manner.  JQuery & AJAX will allow you to do the filtering/posting/and whatever else you need without the need to refresh the page though, which is a big up on the users side.

[cssfreakie]

I think i should clarify myself more, because i totality agree with you that we cant rely on client side validation(ill probbaly add it just for extra look and feel). But since i never did something with ajax as a medium (to sent and retrieve stuff) i was wondering if i need to add more (additional) filtering sanitation as i would normally do.

 

In other words, normally i have a form.php with an action to process.php that last one does all the filtering and sanitation. Now when ajax is put between them is there something extra to watch for?