Detecting Ajax in PHP and making sure request was from my own website

by

Let you Controller

  • generate access token
  • store in session for later comparison

In your View

  • declare the access token as JS variable
  • send the token with each request

Back in your Controller

  • validate HTTP_X_REQUESTED_WITH
  • validate token

Check these security guidelines from OpenAjax.
Also, read the article on codinghorror.com Annie linked.

More Related Contents:

  1. Login without HTTPS, how to secure?
  2. Tagging systems [closed]
  3. How to use this code my wordpress theme
  4. How can I prevent SQL injection in PHP?
  5. SQL injection that gets around mysql_real_escape_string()
  6. How do I use password hashing with PDO to make my code more secure? [closed]
  7. Examples of SQL Injections through addslashes()?
  8. PHP: Is mysql_real_escape_string sufficient for cleaning user input?
  9. How to upload multiple files using PHP, jQuery and AJAX
  10. Does $_SERVER[‘HTTP_X_REQUESTED_WITH’] exist in PHP or not?
  11. PHP image upload security check list
  12. Ajax LARAVEL 419 POST error
  13. How to populate second dropdown based on selection of first dropdown using jQuery/AJAX and PHP/MySQL?
  14. Upload Multiple Files with PHP and JQuery
  15. handle json request in PHP
  16. jQuery ajax request with json response, how to?
  17. Javascript POST not working – Sending Javascript array to PHP
  18. How to call a php script/function on a html button click
  19. Populate another select dropdown from database based on dropdown selection
  20. Many hash iterations: append salt every time?
  21. What security issues should I look out for in PHP
  22. How do I return a proper success/error message for JQuery .ajax() using PHP?
  23. What does mysql_real_escape_string() do that addslashes() doesn’t?
  24. Unserialize PHP Array in Javascript
  25. Generate cryptographically secure random numbers in php
  26. How to rotate image and save the image
  27. Use of Initialization Vector in openssl_encrypt
  28. Secure User Image Upload Capabilities in PHP
  29. show progressbar while loading pages using jquery ajax in single page website
  30. How to call a php function from ajax?

Leave a Comment