Check the referer. Granted, this could be hacked easily by changing the headers, but it adds an extra step. Another approach would be using session variables and authenticating your app on startup, then looking at the session to see if it is valid. You could use a checksum that changes after each request; this would make it a real pain in the ass to hack. If you have a specific request flow, you could build that into your request handler and reject requests based off that. Another idea is to have a max number of requests that can be performed in a specified time period or session.
Just a few ideas off the top of my head, I'm sure there are more. All the above methods could be combined as well.

On Mon, Nov 17, 2008 at 4:56 PM, tswone <[EMAIL PROTECTED]> wrote:
>
> Does anyone here have a good way to protect ajax requests from
> visitors changing them?
>
> Like using php or whatever, what types of things are good to check
> for?
>
> Thanks,
>
> T
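An added example, not part of the original thread: a server-side sketch in Python combining two of the ideas in the reply, a per-session token that changes after each accepted request and a cap on requests per time window. The class name `AjaxSessionGuard`, its parameters and the status strings are assumptions made for illustration; in a real application this state would live in the server-side session store.

```python
import hmac
import secrets
import time


class AjaxSessionGuard:
    """Per-session state kept on the server (hypothetical helper)."""

    def __init__(self, max_requests=30, window_seconds=60, clock=time.monotonic):
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self.clock = clock                       # injectable so tests can control time
        self.token = secrets.token_urlsafe(32)   # sent to the client with the page
        self.stamps = []                         # times of recent attempts

    def handle(self, presented_token):
        """Return (status, next_token). next_token is None unless status is 'ok'."""
        now = self.clock()
        # Sliding window: forget attempts older than the window.
        self.stamps = [t for t in self.stamps if now - t < self.window_seconds]
        if len(self.stamps) >= self.max_requests:
            return "rate_limited", None
        # Count every attempt, valid or not, so token guessing is throttled too.
        self.stamps.append(now)

        # Constant-time comparison against the single token currently expected.
        if not hmac.compare_digest(presented_token.encode(), self.token.encode()):
            return "bad_token", None

        # Rotate: the token just used is now dead, so a captured request
        # cannot be replayed and requests must arrive in sequence.
        self.token = secrets.token_urlsafe(32)
        return "ok", self.token


if __name__ == "__main__":
    guard = AjaxSessionGuard(max_requests=3, window_seconds=60)
    first = guard.token
    print(guard.handle(first)[0])    # accepted, token rotates
    print(guard.handle(first)[0])    # same token again is rejected
```

The client must echo the `next_token` from each response on its following request. Because the browser holds the current token, every parameter still has to be validated on the server as well.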
