开发者

best way to pass input through ajax

as i want to send some sensitive information like 'user id' through ajax which is the best way to transfer them. right now i am just concatenating with the html tag's ids and the开发者_运维技巧n splitting and using them . please suggest a better way . i hope there must be one for this


The best way to transfer identification values (such as user_id) is to not transfer them at all. If you can, I'd grab the current user_id from a session, that way it isn't possible for a user to change that "user_id" to immatate someone else.

However if this option doesn't fit your application, you can always hash the user_id on the server side, such as:

md5($user_id . "randomsalthere");

Then when you check the request, see if:

$_POST['secret_hash'] == md5($_POST['user_id'], 'randomsalthere');

Links:

Salt

Hash

PHP Sessions


Would POST work for you? Only the User would be able to sniff out the POST parameter,


The most secure way would be to use https, regardless whether you are using POST or GET.

Another question that comes to mind: Do you really need to send this information, can´t you just keep it on the server in a SESSION?


JQuery has some encryption plugins. You can encrypt your values before sending them, and decrypt them in php.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜