tags:

views:

62

answers:

3
Q: 

what should be kept in mind while writing secured ajax code using jquery for jsp

i am currently working on a web application project for payroll. this site is public. i want to use jquery + ajax to implement certain functionality with server side lang as jsp. what are the guidelines helpful in writing a mature,secured code.

+1  A: 

Lesson #1

Sanitize your inputs

You can make this pretty by introducing client side validation on forms etc, but by no means rely on this to give clean data to your JSP. Your JSP will need to match all data received against known good inputs. If any input does match expected inputs, then a generic error should be thrown.

I cannot stress this enough, especially for payroll software.

wiifm  2009-10-10 11:50:13
A: 

thanks wiffm69 for the tips

Suresh S  2009-10-12 08:58:59
A: 

Get on a whiteboard and write.

I promise to sanitize,filter and validate my data before any changes are made.
I promise to sanitize,filter and validate my data before any changes are made.
I promise to sanitize,filter and validate my data before any changes are made.
I promise to sanitize,filter and validate my data before any changes are made.
I promise to sanitize,filter and validate my data before any changes are made.
I promise to sanitize,filter and validate my data before any changes are made.

Now then.

When writing a system like this you need to keep your code abstract, Dont just write a function per action, Example

Do not do this way.

function updateEmailAddress(id,email)
{
   $.post("ajax/updateEmail.php",{id:id,email:email});
}

updateEmailAddress(22,'[email protected]');

Do it like so, build a system of reusable code.

System = {
   Send : function(location,method,data,callback)
   {
       //Send here to location via method with data and then invoke the callback
   }
}
Actions = {
    UpdateMail(id,mail)
    {
        System.Send('ajax/mailupdate.php','post',{id:id,email:mail},function(data){
           //Validate Server Responce
        });
    }
    CheckLoginState(callback)
    {
        System.Send('ajax/loginState.php','post',{},function(data){
           callback(data ? true : false);
        });
    }
    //ETC
    //ETC
}


Action.CheckLoginState(function(loggedin){
   if(loggedin){
      Action.UpdateMail(someId,SomeEmail);
   }
});
RobertPitt  2010-07-14 13:37:13

related questions

How do HttpOnly cookies work with AJAX requests?
ASP.NET JavaScript Callbacks Without Full PostBacks?
How to set encoding in .getJSON JQuery
Suggestions on Ajax development environment for PHP
Need to test an ajax timeout condition
XmlHttpRequest return values
Adobe AIR: Handling JSON objects from server
Best framework for implementing iGoogle or pageflakes (ASP.NET)
Is there some way to PUSH data from web server to browser?
Are there reasons not to use JSONP for AJA~X requests?
Minimize javascript HTTP calls from AjaxControlToolkit controls?
Only accepting certain ajax requests from authenticated users
ASP.net AJAX Drag/Drop?
Scrolling Overflowed DIVs with JavaScript
Speeding up an ASP.Net Web Site or Application
ICE Faces fileInput file path and file name properties
Ajax project suggestion.
Graphing JavaScript Library
Debugging: IE6 + SSL + AJAX + post form = 404 error
Best ajax library for Sharepoint
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?
What is Progressive Enhancement?
Tracking state using ASP.NET AJAX / ICallbackEventHandler
Easy way to AJAX WebControls
Modify Address Bar URL in AJAX App to Match Current State