Bytes | Software Development & Data Engineering Community

security for AJAX-style function calls

PJ6
I have AJAX-style calls that will require a user's login for permission
checks. I might have been OK with the login ID rolled into a session
variable, but now I'm faced with calling my AJAX functions with the login,
which would be pretty easy to hack.

I was thinking, on a successful login attempt, of issuing a GUID to that session
and storing it in a hashtable server-side with the login name, probably expiring
it after 24 hours.

This seems pretty straightforward to do but I've had it drilled into me that
one does not 'home-brew' security, one uses whatever is commonly available
and accepted as secure. I just wanted to check here if this approach is OK.

Paul
Dec 12 '05 #1
Not particularly secure; this is not much different from just using the
session ID. If you need security, you should run over HTTPS, so sniffers
cannot be used.

-- bruce (sqlwork.com)
Dec 12 '05 #2
PJ6
OK, thanks.

Paul

Dec 13 '05 #3