
What should be kept in mind while writing secure AJAX code using jQuery for JSP?

I am currently working on a web application project for payroll. This site is public. I want to use jQuery + AJAX to implement certain functionality, with JSP as the server-side language. What guidelines are helpful for writing mature, secure code?


Lesson #1

Sanitize your inputs

You can make this pretty by introducing client-side validation on forms etc., but by no means rely on this to give clean data to your JSP. Your JSP will need to match all data received against known good inputs. If any input does not match the expected inputs, then a generic error should be thrown.

I cannot stress this enough, especially for payroll software.


Get on a whiteboard and write.

I promise to sanitize, filter and validate my data before any changes are made.
I promise to sanitize, filter and validate my data before any changes are made.
I promise to sanitize, filter and validate my data before any changes are made.
I promise to sanitize, filter and validate my data before any changes are made.
I promise to sanitize, filter and validate my data before any changes are made.
I promise to sanitize, filter and validate my data before any changes are made.

Now then.

When writing a system like this you need to keep your code abstract. Don't just write a function per action. Example:

Do not do it this way.

function updateEmailAddress(id, email)
{
    $.post("ajax/updateEmail.php", {id: id, email: email});
}

updateEmailAddress(22, 'some_new_email@mydomain.tld');

Do it like so: build a system of reusable code.

System = {
    Send : function(location, method, data, callback)
    {
        // Send `data` to `location` via `method`, then invoke the callback with the response
        $.ajax({ url: location, type: method, data: data, success: callback });
    }
};
Actions = {
    UpdateMail : function(id, mail)
    {
        System.Send('ajax/mailupdate.php', 'post', {id: id, email: mail}, function(data){
            // Validate server response
        });
    },
    CheckLoginState : function(callback)
    {
        System.Send('ajax/loginState.php', 'post', {}, function(data){
            callback(data ? true : false);
        });
    }
    // ETC
    // ETC
};


Actions.CheckLoginState(function(loggedin){
    if (loggedin) {
        Actions.UpdateMail(someId, someEmail);
    }
});
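As an added illustration of Lesson #1 (not part of the original answer): a whitelist validator that matches every received parameter against known-good patterns and returns a single generic error otherwise, so nothing about the rejected input is reflected back. It is written in JavaScript so it can run beside the jQuery code above; the rule table, field names and sample requests are constructed for this example, and in the real application the same checks belong inside the JSP/servlet, never only in the browser.

```javascript
// Constructed rule table: one entry per action, one known-good pattern per field.
// Anything not listed here is not accepted, however harmless it looks.
const RULES = {
  updateMail: {
    // Employee id: 1 to 9 digits, no sign, no whitespace (constructed bound).
    id:    { pattern: /^[1-9][0-9]{0,8}$/, convert: Number },
    // Conservative email shape; odd input is rejected rather than "cleaned up".
    email: { pattern: /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/, convert: String },
  },
};

// One generic failure object: the caller never learns which field failed or what
// was sent, so the error text cannot carry untrusted input back into the page.
const GENERIC_ERROR = Object.freeze({ ok: false, error: 'Invalid request' });

// Match every received parameter against the known-good rules for `action`.
// Rejects unknown actions, unexpected parameters, missing fields and non-matching values.
function validateAction(action, params) {
  const rules = RULES[action];
  if (!rules) return GENERIC_ERROR;

  for (const key of Object.keys(params)) {
    // A parameter the action does not expect is a reason to stop, not to ignore it.
    if (!Object.prototype.hasOwnProperty.call(rules, key)) return GENERIC_ERROR;
  }

  const values = {};
  for (const [key, rule] of Object.entries(rules)) {
    const raw = params[key];
    // Form/AJAX bodies arrive as strings; anything else (missing, array, number) fails.
    if (typeof raw !== 'string' || !rule.pattern.test(raw)) return GENERIC_ERROR;
    values[key] = rule.convert(raw);
  }
  return { ok: true, values };
}

// Constructed sample requests, shaped like the bodies the $.post above would send.
const SAMPLE_REQUESTS = [
  { id: '22', email: 'some_new_email@mydomain.tld' },    // matches all rules
  { id: '22', email: 'not an email' },                   // malformed email
  { id: '-1', email: 'x@y.tld' },                        // id outside the known-good set
  { id: '22', email: 'x@y.tld', extra: 'unexpected' },   // parameter the action does not expect
  { email: 'x@y.tld' },                                  // missing id
];
```

Only the first sample request is accepted; every other one yields the same generic error object.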