views: 62
answers: 3

I am currently working on a web application project for payroll. This site is public. I want to use jQuery + AJAX to implement certain functionality, with JSP as the server-side language. What guidelines are helpful in writing mature, secure code?

+1  A: 

Lesson #1

Sanitize your inputs

You can make this pretty by introducing client-side validation on forms etc., but by no means rely on this to give clean data to your JSP. Your JSP will need to match all data received against known good inputs. If any input does not match expected inputs, then a generic error should be thrown.

I cannot stress this enough, especially for payroll software.

wiifm
A: 

Thanks wiffm69 for the tips.

Suresh S
A: 

Get on a whiteboard and write.

I promise to sanitize,filter and validate my data before any changes are made.
I promise to sanitize,filter and validate my data before any changes are made.
I promise to sanitize,filter and validate my data before any changes are made.
I promise to sanitize,filter and validate my data before any changes are made.
I promise to sanitize,filter and validate my data before any changes are made.
I promise to sanitize,filter and validate my data before any changes are made.

Now then.

When writing a system like this you need to keep your code abstract. Don't just write a function per action. Example:

Do not do it this way.

function updateEmailAddress(id,email)
{
   $.post("ajax/updateEmail.php",{id:id,email:email});
}

updateEmailAddress(22,'[email protected]');

Do it like so: build a system of reusable code.

var System = {
   // Send data to location via the given HTTP method, then invoke the callback with the reply
   Send : function(location,method,data,callback)
   {
       $.ajax({
          url: location,
          type: method,
          data: data,
          dataType: 'json',
          success: callback
       });
   }
};
var Actions = {
    UpdateMail : function(id,mail)
    {
        System.Send('ajax/mailupdate.php','post',{id:id,email:mail},function(data){
           //Validate server response
        });
    },
    CheckLoginState : function(callback)
    {
        System.Send('ajax/loginState.php','post',{},function(data){
           callback(data ? true : false);
        });
    }
    //ETC
    //ETC
};

Actions.CheckLoginState(function(loggedin){
   if(loggedin){
      Actions.UpdateMail(someId,SomeEmail);
   }
});
RobertPitt
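As an added example (not RobertPitt's code or anything from the original page), one way to fill in the Send layer so that it applies Lesson #1 on the client as well: every outgoing field must match an allowlist pattern, unknown fields are refused, and the server's reply is checked against an expected shape before the caller ever sees "success". The `.jsp` endpoint name, the `{ok: true|false}` reply format and the swappable `transport` hook are assumptions, and none of this replaces the identical matching the JSP must perform on everything it receives.

```javascript
// Added example: a Send layer that validates outgoing fields against an allowlist
// and treats any unexpected reply as failure. Endpoint names, the {ok: ...} reply
// shape and the transport hook are assumptions, not part of the original answers.
var Rules = {
  id:    /^[1-9][0-9]{0,9}$/,                                 // positive integer, max 10 digits
  email: /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/   // deliberately conservative
};

// Return null when every field matches its allowlist pattern, otherwise one generic
// error string. Fields with no rule are rejected, so unknown parameters never leave the page.
function validate(data) {
  for (var key in data) {
    if (!Object.prototype.hasOwnProperty.call(data, key)) continue;
    var rule = Rules[key];
    if (!rule || !rule.test(String(data[key]))) return 'invalid request';
  }
  return null;
}

// Accept only a JSON object with ok === true; a string, null, HTML error page or
// a reply with ok: "true" (a string) all count as failure, never as success.
function validateResponse(reply) {
  return typeof reply === 'object' && reply !== null && reply.ok === true;
}

var System = {
  // transport(location, method, data, done) performs the request. The default uses
  // jQuery when it is loaded; tests or other clients can swap in their own.
  transport: function (location, method, data, done) {
    $.ajax({ url: location, type: method, data: data, dataType: 'json',
             success: done, error: function () { done(null); } });
  },
  // callback(ok, err): ok is true only for a validated request AND a validated reply.
  Send: function (location, method, data, callback) {
    var err = validate(data);
    if (err) { callback(false, err); return; }        // known-bad data is never sent
    System.transport(location, method, data, function (reply) {
      var ok = validateResponse(reply);
      callback(ok, ok ? null : 'request failed');
    });
  }
};

var Actions = {
  UpdateMail: function (id, mail, callback) {
    System.Send('ajax/mailupdate.jsp', 'post', { id: id, email: mail }, callback);
  }
};
```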