Re: security for AJAX-style function calls
- From: "Bruce Barker" <brubar_nospamplease_@xxxxxxxxxx>
- Date: Mon, 12 Dec 2005 09:12:12 -0800
Not particularly secure; this is not much different than just using the
session id. If you need security, you should run over https, so sniffers
cannot be used.
-- bruce (sqlwork.com)
"PJ6" <nobody@xxxxxxxxxxx> wrote in message
news:OP%23lPyy$FHA.2256@xxxxxxxxxxxxxxxxxxxxxxx
> I have AJAX-style calls that will require a user's login for permission
> checks. I might have been OK with the login ID rolled into a session
> variable, but now I'm faced with calling my AJAX functions with the login,
> which would be pretty easy to hack.
>
> I was thinking on a successful login attempt to issue a GUID to that
> session and store it in a hashtable server-side with the login name,
> probably expire it after 24 hours.
>
> This seems pretty straightforward to do but I've had it drilled into me
> that one does not 'home-brew' security, one uses whatever is commonly
> available and accepted as secure. I just wanted to check here if this
> approach is OK.
>
> Paul
>
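
The scheme discussed in this thread, sketched as an added example (not code from either poster): a server-side table maps an opaque token to the login name with a 24-hour expiry, and each AJAX call is authorized from that lookup rather than from a login sent by the client. The names `TokenStore`, `authorize`, `session_cookie` and the cookie name `auth` are assumptions, and a CSPRNG token is used in place of the GUID.

```python
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 60 * 60  # the 24-hour expiry proposed in the thread


class TokenStore:
    """Server-side map of opaque token -> (login name, expiry time)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be exercised in tests
        self._tokens = {}

    def issue(self, login):
        """Call only after the credential check has succeeded."""
        # 128 bits from the OS CSPRNG; a GUID is not guaranteed unpredictable.
        token = secrets.token_hex(16)
        self._tokens[token] = (login, self._clock() + self._ttl)
        return token

    def resolve(self, token):
        """Return the login bound to token, or None if unknown or expired."""
        entry = self._tokens.get(token)
        if entry is None:
            return None
        login, expires_at = entry
        if self._clock() >= expires_at:
            del self._tokens[token]  # purge expired entries when seen
            return None
        return login

    def revoke(self, token):
        """Logout: drop the token so a captured copy stops working."""
        self._tokens.pop(token, None)


def session_cookie(token):
    """Set-Cookie value (hypothetical cookie name 'auth'). Secure keeps the
    token off plain HTTP, which is the sniffing exposure raised in the reply;
    HttpOnly keeps it out of reach of page script."""
    return f"auth={token}; Secure; HttpOnly; SameSite=Strict; Path=/"


def authorize(store, token, allowed_logins):
    """Permission check for one AJAX call: the identity comes from the
    server-side lookup, never from a login name supplied by the client."""
    login = store.resolve(token)
    return login is not None and login in allowed_logins
```

Like a session id, the token is a bearer credential: anyone who captures it can use it until it expires or is revoked, so it only holds up when every request carrying it goes over HTTPS.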