: Really there is nothing different about this then any other application that accepts user input and has client-server communications. The fact that it's initiated by JavaScript is irrelevant.
Really there is nothing different about this then any other application that accepts user input and has client-server communications. The fact that it's initiated by JavaScript is irrelevant. You need to implement the usual safeguards for transmitting data (SSL) and also have some form of user authentication involved (login/password, tokens, etc).
Your server side script shouldn't care whether it's an Ajax request or regular form submission as it gets the same data either way. It should validate the request is authentic and validate the data accordingly.
Since I'm sure you built this site using the principle of Progressive Enhancement and it works without JavaScript being enabled you shouldn't have to do anything special for the Ajax requests. If you do then you've made errors with the basic functionality of your application and need to revisit it.
More posts by @Kevin317
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.