I'm using jquery ajax to post updates back to my server. I'm concerned about making sure I have put in place appropriate measures so that only my AJAX calls can post ... |
I use Ajax (jQuery) and the POST method to update data in the database. I do the following:
- Get data from the form: user_id, entry_id, content,...
- Send them to a URL which will ...
|
is the following safe?
index.html
<div id="loader">loading...</div>
<div onclick="foo()">click me</div>
<div id="change"></div>
<script>
...
|
I've seen it recommended to reference jQuery via:
<script type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
</script>
The idea being most people already have a cached copy on their client.
What if a hacker replaces that ... |
Working on a major financial company's website, we tend to shy away from using the CDN-hosted versions of the jQuery library used throughout our site because of "security concerns".
I'm assuming (although ... |
In my JavaScript game (made with jQuery) I have player position stored in a database. When character is moving, I just send request to specific URL, i.e. mysite.com/map/x1/y3 (where a ... |
Now that JavaScript libraries like jQuery are more popular than ever, .js files are starting to contain more and more of a site's logic. How and where it pulls data/information from, ... |
We're using jQuery and I've come across the following jQuery vulnerability in the National Vulnerability Database:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2379
Has this been fixed in more recent versions of jQuery? The original release ... |
I am working on some auto-suggest feature.
The script is fairly itself.
When a character is typed in to the textbox it sends an ajax post (or get) request to the php ... |
When I looked back at code that I wrote earlier, I found something terribly bad.
Whenever I wanted to delete a record in the database, I did it like this:
$.post("deleteAction.do",{recordId:10});
I cannot prevent ... |
Just now I'm writing a project, and I decided to write it with jquery and ajax requests.
The only thing I don't know is: is it secure enough?
For example, when I verify the username, ... |
Grails 1.3.1
spring-security-core 0.4
jQuery 1.4.x
I need to figure out how to check security permissions on ajax requests. For example, I have a calendar displayed in a tab using the FullCalendar jQuery ... |
In jquery 1.3.2
for jsonp requests I used to do this
var _options = {
url: 'someexternal_url',
type: 'GET',
...
|
We build sites that have a public (non-secured) area and secured (delivered over HTTPS) area and we use jQuery library.
Recently I suggested we use Google CDN for jQuery delivery. Some of ... |
In our web application we have run into the situation where we need to do a cross-domain AJAX calls from one domain we fully control to another domain we fully control. ... |
Are there any outstanding vulnerabilities (2) in jQuery that haven't been addressed in the latest release, for instance? Any other valid reason why security packages would flag the library as unsafe? ... |
I've created a Windows Gadget using JQuery to call the oAuth-Service of Yammer: https://www.yammer.com/oauth/request_token (API Documentation)
$.ajax({
url: "https://www.yammer.com/oauth/request_token",
type: "GET",
...
|
I am making a webservice call that needs an authentication password using jquery ajax. My question is how/where do I store the webservice authentication password so that javascript can use ... |
I am extremely new to the web-development scene, but I was wondering: Does anybody know what mechanisms does the ZK framework use in order to prevent session hijacking?
|
Using Jquery (latest), IBM WebSphere 6.1 Server, Java JDK 1.5
Got a bit of a pickle for AJAX calls. All of my AJAX calls are to URLs that are a part ... |
As we know, JavaScript is insecure as it is a client-side script.
Is jQuery also insecure?
If yes, then why are we seeing blogs on "JQuery replaces AJAX" ... |
I'm developing a Spring 3.0 based web application that requires all users to log in to view data. Once logged in, certain parts of the screen use an AJAX polling mechanism ... |
Meaning if I have a website and I link to a external .js file, say for jquery or some widget service, they can pretty easy just pull by authentication cookie and ... |
I have a form that validates and posts with Ajax, or more specifically, with $.post().
At one point, there is a reCaptcha. This form worked fine when I did not use $.post() ... |
http://www.myjqueryplugins.com/QapTcha/demo
This plugin looks so user friendly
I'm afraid that once it gets popular it gets easily hackable.
Do you agree ?
|
I'm currently developing an application in HTML+JS based almost entirely in ajax connections (using the jQuery.ajax() call to ease the process).
I was thinking about the best practice to make secure calls ... |
What is the best way to secure communication between wcf ajax enabled services and ui implemented with jquery ajax in absence of SSL?
-- EDIT --
It's enough to have a reliable Authentication ... |
I got to write a jquery script like
function DeleteFile(_FileID)
{
//ajax method to delete the file
}
and the fileId is present in the rel attribute of the list
Now my problem is..when I called "DeleteFile" ... |
I am using wcf services for interaction between my javascript files and server side.
I am concerned about security around this as anyone can call these services via an application, firebug ... |
The project I am working on, uses AJAX calls for every link on the page, more specifically, jQuery AJAX calls, also, every form submitted, besides logging in, is submitted through AJAX, ... |
let's assume that there is a service out there as following;
http://exmaple.com/service1/GetSomething?apikey={api-key-goes-here}
and my API key is: 96a143c8-2f62-470c-b81f-dec5fc271873
so we will be making calls to > http://exmaple.com/service1/GetSomething?apikey=96a143c8-2f62-470c-b81f-dec5fc271873 ... |
Hi
I'm working on an application with Java as its server-side language and for the client-side I'm using Ajax.
But I'm fairly new to ajax applications so I needed some opinions on ... |
I am writing an app right now that uses jQuery and JSONP to get JSON from 3rd party servers. The main idea behind my app is that it is a ... |
Thanks for reading.
I would like to develop a secure web application with jQuery as the front-end and .NET MVC as the server-side with its functionality expressed in RESTful web services. ... |
In our site certain pages use SSL, most pages however don't (as they need to be crawled by web bots).
It pretty much boils down to any page where the user is ... |
I am trying to use the Uploadify plugin with Spring MVC in order to upload a bunch of files. I am authenticated but my request keeps getting denied because when the ... |
This is a security question.
My boss has asked me to find (and show a prototype) of possible hacks over the site and I am over one.
There is an input box on ... |
I'm a beginner using webservices with jquery, so pardon me for asking dumb questions.
So the story goes like this. I have a new website that I built using jQuery, that calls webservices ... |
What are the security options in wcf next ("wcf web api" and "wcf jquery support")? And if a client makes a request to a wcf service by jquery, how can wcf detect ... |
I'm working on an eCommerce application that's using quite a bit of JavaScript and jQuery. Everything is checked server-side before anything is processed, but there has been a lot of ... |
I'm probably not going to get all the required info needed to help the first stab but I'll do the best I can and edit this as we go along.
I've got ... |
I have a difficult-to-explain question about securing my Ajax script. Sorry for my bad English. I have secured my site with a session_regenerate_id() function after each login. On ... |
Possible Duplicate:
Doubt on prevention of CSRF
I have a few serious doubts :
We basically use random session tokens to check if a POST ... |
I am writing some purely client-side jQuery (no AJAX). Should I be aware of jQuery-specific security holes I might inadvertently introduce for the clients?
|
I'm using spring-security and jQuery in my application. Main page uses loading content dynamically into tabs via Ajax. And all is ok, however sometimes I've got the login page inside my ... |
We have a cakephp app that makes Ajax calls to get data and post back to a Jax-RS webservice (in development).
Authentication within cakephp is done against an LDAP server
Authorization will be ... |
I have a project with the following aspects:
- Frontend web application made in PHP, jQuery (Ajax) with a local database for aspects like end users authentication and configuration of the frontend web ...
|
I was trying to hit a web service on a different domain using jQuery's ajax method. After doing some research it looks like it does not allow this is by ... |
I would like to know if jCryption + Challenge Response Authentication Mechanism are a good alternative to SSL.
I know that SSL is very much better, but I'm making a ... |
Hi, I am trying to find a good way to handle the case where the session times out and an ajax call is made to a protected resource, /account for example. Currently my ajax call returns the login page html since an unauthenticated request to /account redirects to the login page. Any good ideas on how to handle? Thx |
Has anyone come across this before? Scenario: After logging in, user runs Struts 2 action that displays a .jsp page that uses Struts2-Jquery tags to create a tabbed display that make Ajax calls to access their content from other struts actions. Walk away and let the session expire. Clicking on one of the tabs invokes the login page from Spring security ... |
For example, I have a user login page.. it was written with .aspx and vb.net. Say if I want to implement the presentation layer with JQuery and HTML, including the textbox and submit button used for login. When user click on submit button, it calls a function at code behind and pass username/password data through JSON as parameters for validation . ... |
Thank you for a great product! We are using jquery and appreciate the good work you did putting it together and making it available. We are currently working on a project which required a full security assessment. When a scan was run on the project as a whole, a couple of issues were flagged in code that is part ... |
Yes, there are always security risks with any web application/website. As a general rule, I believe anything can be hacked. If you use asp.net server code as Charlie suggested, it's still possible to hijack sessions under certain circumstances. However, the responsibility to prevent this will not deal with jquery code. You'll need to develop solid server-side code ... |
I'm developing a feedreader type app on Appcelerator's Titanium platform which allows cross domain ajax requests. The app relies on ajax calls to a third party site, selecting html from those pages and rendering it. I'd like to sanitize data from the untrusted 3rd party source in the data returned by the ajax call by removing all javascript. Can regex take care ... |
Yes, I am developing a server application with php. The users access a php file that has javascript with ajax (jquery). I know I can't stop someone from grabbing the javascript and changing it. But can I, and how do I, assure that when an ajax req comes to my php application it was generated by the javascript in my file and ... |
This may be a little off topic, or it might not be, because I'm not sure if this should be done through PHP or Javascript, or what. So please don't kill me if this isn't the right place to post this... Anyway, I wanna create a site that performs an algorithm on user-inputted data. But I want the code to be completely inaccessible to any ... |
Hello, My client currently has a Flash book reader on his site that provides a UI for reading a book. Each page of the book is a GIF, and there are hundreds of books available. Now, my client would like to change this reader, and I've convinced him to let me rebuild the reader in jQuery. The hiccup is that, for ... |