开发者

Sencha-Touch : Secure a user submitted form

开发者 https://www.devze.com 2023-03-29 21:47 出处:网络
I am using Sencha Touch for some weeks now, and I plan to add to my webapp, a form with 开发者_运维百科which users can contribute with informations. I was wondering of means of securing this form, sin

I am using Sencha Touch for some weeks now, and I plan to add to my webapp, a form with 开发者_运维百科which users can contribute with informations. I was wondering of means of securing this form, since it will directly post entered data through an Ajax call to my server. It will not be too difficult for someone to sniff http traffic and write some script that would kill my database server sending data to my submit server side action.

I was wondering about using recaptcha, but I cannot see how to implement it or neither if someone has tried it. I am open for any other form of security that could be easily implemented in the context of sencha touch

Thx


Create some simple form of captcha if you want. Like addition of two numbers etc.


You wont prevent sniffing http traffic using a captcha, use ssl, if you send your requests using https no one can sniff your trafic.

But even that cannot prevent someone sending a crafted request to your sever trying to exploit it, since they can tell by looking at your client code what is the server expecting.

You can try to obfuscate your client code, but that wont help much either.

The only way to prevent it is by validating the requests on the server side and invalidate all the requests that can potentially harm your system.

0

精彩评论

暂无评论...
验证码 换一张
取 消