On Tue, Oct 21, 2008 at 5:12 AM, Yeti <[EMAIL PROTECTED]> wrote:
>> True, but then my permission / auth / workflow schema defines all that. The
>> user won't likely have that permission, the request will be logged and nothing
>> is ever deleted from the app in any case since I only allow soft (record
>> level flag) deletes to ensure data integrity
>
> I agree with Bastien here. If you can't trust your authorized users
> then don't authorize them to delete entries. I would also recommend
> some kind of access control to lower the risk of a complete data loss.
> Use HTTPS to prevent man in the middle attacks.
>

That is a bit overkill going https for everything.  If you just make
ajax requests behave the same way as a normal direct hit, you'll be
fine.  One of the problems with ajax stuff is that sometimes we forget
to validate each request validating the user making the request and
the action they're performing.  It's quite easy to just assume the
request hasn't been changed at all since it is buried behind code.
Everyone's guilty of this at one point or another.  Just look at this
google docs example. [1]

I'd recommend reading up on the concepts of authentication and
authorization.  Authentication just makes sure you're logged in.
Authorization makes sure you can perform a specific action.  Once you
have that you'll be able to answer the original question.

Of course you can also go into other types of things like creating
signatures for each request and tokens (which should be done), but
start at the beginning and work at it.  I'd also recommend installing
something like httplive headers or firebug just to get an idea of what
is going over the wire.  It might make things more obvious.

[1] http://xs-sniper.com/blog/2007/09/28/all-your-google-docs-are-belong-to-us/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

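An added example, not code from the thread, of what "make ajax requests behave the same way as a normal direct hit" looks like for a soft-delete endpoint: authentication, a per-session request token, authorization, then the record-level flag. It assumes a PDO connection in `$pdo`, `permissions` and `records` tables, a `can_delete` permission and a session token set at login; all of those names are assumptions.

```php
<?php
// Added example: one delete handler that does the same checks whether it is
// reached by XMLHttpRequest or by a plain form post. $pdo, the table names
// and the permission name are assumed, not from the original thread.
declare(strict_types=1);
session_start();

function json_fail(int $status, string $msg): void {
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['ok' => false, 'error' => $msg]);
    exit;
}

// 1. Authentication: the AJAX call carries the same session cookie as a normal
//    page hit, so decide from the session, not from a field the client sent.
if (empty($_SESSION['user_id'])) {
    json_fail(401, 'not authenticated');
}

// 2. Request token: only honour requests issued from a page we rendered for
//    this session. $_SESSION['csrf_token'] is assumed to be set at login with
//    bin2hex(random_bytes(32)); hash_equals() avoids a timing side channel.
$known = $_SESSION['csrf_token'] ?? '';
$token = $_POST['token'] ?? '';
if ($known === '' || !is_string($token) || !hash_equals($known, $token)) {
    json_fail(403, 'bad request token');
}

// 3. Authorization: may *this* user perform *this* action? Re-check on the
//    server; a hidden "delete" button in the UI proves nothing.
$recordId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($recordId === false || $recordId === null) {
    json_fail(400, 'invalid id');
}
$stmt = $pdo->prepare('SELECT 1 FROM permissions WHERE user_id = ? AND perm = ?');
$stmt->execute([$_SESSION['user_id'], 'can_delete']);
if (!$stmt->fetchColumn()) {
    error_log("denied delete of record $recordId by user {$_SESSION['user_id']}");
    json_fail(403, 'not authorized');
}

// 4. Soft delete only: set the record-level flag and record who did it.
$stmt = $pdo->prepare(
    'UPDATE records SET deleted_by = ?, deleted_at = NOW() WHERE id = ? AND deleted_at IS NULL'
);
$stmt->execute([$_SESSION['user_id'], $recordId]);
header('Content-Type: application/json');
echo json_encode(['ok' => true, 'soft_deleted' => $stmt->rowCount() === 1]);
```

Every branch that refuses the request is logged or answered with a status code the client-side script can inspect, which is what LiveHTTPHeaders or Firebug will show you going over the wire.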