Just out of curiosity, how would this work: You could use a checksum that changes after each request, this would make it a real pain in the ass to hack...
How would you generate the checksum per request and have it a pain to be hacked?

On Nov 17, 11:53 pm, nwhite <[EMAIL PROTECTED]> wrote:
> check the referer. Granted this could be hacked easily by changing the
> headers but adds an extra step. Another approach would be using session
> variables and authenticate your app on start up and look at the session to see
> if it is valid. You could use a checksum that changes after each request,
> this would make it a real pain in the ass to hack. If you have a specific
> request flow you could build that into your request handler and reject
> request based off that. Another idea is have a max request that can be
> performed in a specified time period or session.
>
> Just a few ideas off the top of my head, I'm sure there are more. All the
> above methods could be combined as well.
>
> On Mon, Nov 17, 2008 at 4:56 PM, tswone <[EMAIL PROTECTED]> wrote:
>
> > Does anyone here have a good way to protect ajax requests from
> > visitors changing them?
>
> > Like using php or whatever, what types of things are good to check
> > for?
>
> > Thanks,
>
> > T
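One way the rotating per-request checksum discussed in this thread could be built, as an added example that is not from any poster: the server derives each token as an HMAC over a per-session counter and retires it as soon as it is used. The in-memory session store, the function names and the token format are assumptions, and JavaScript (Node.js) stands in for the PHP the thread mentions.

```javascript
// Added example: a per-session request token that rotates after every
// accepted request. All names here are hypothetical.
const crypto = require('crypto');

// Hypothetical in-memory session store: sessionId -> { key, counter }.
// A real application would keep this in its server-side session data.
const sessions = new Map();

// Token for the current counter value: HMAC-SHA256(sessionKey, counter).
// The key never leaves the server, so the client cannot compute the next token.
function tokenFor(state) {
  return crypto.createHmac('sha256', state.key)
    .update(String(state.counter))
    .digest('hex');
}

// Called once when the app starts up or the user logs in.
// Returns the first token, which the page sends with its first AJAX request.
function startSession(sessionId) {
  const state = { key: crypto.randomBytes(32), counter: 0 };
  sessions.set(sessionId, state);
  return tokenFor(state);
}

// Called by the request handler for every AJAX request.
// On success the counter advances and the response carries the next token.
// On failure the state is left untouched and the request is rejected.
function checkRequest(sessionId, presented) {
  const state = sessions.get(sessionId);
  if (!state || typeof presented !== 'string') {
    return { ok: false, nextToken: null };
  }
  const expected = Buffer.from(tokenFor(state), 'hex');
  const got = Buffer.from(presented, 'hex'); // invalid hex yields a short buffer
  // timingSafeEqual throws on unequal lengths, so check the length first.
  const ok = got.length === expected.length &&
    crypto.timingSafeEqual(got, expected);
  if (!ok) {
    return { ok: false, nextToken: null };
  }
  state.counter += 1; // rotate: the token just used is no longer valid
  return { ok: true, nextToken: tokenFor(state) };
}
```

The token is visible to whoever is running the page, so this rejects replayed, out-of-sequence and session-less requests, not a visitor editing the parameters of their own next request; the handler still has to validate every value server-side.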
