AJAX是否有任何特殊的安全问题?
[英]Does AJAX have any special security concerns?
问题描述
I know all about SQL injections, and peeking into javascript files that a website uses, and also that GET requests contain all of the information in a URL. 
我知道所有关于SQL注入,并窥视网站使用的javascript文件,以及GET请求包含URL中的所有信息。
Is there any security concern that is special to AJAX and only pertains to using AJAX? 是否存在任何特殊于AJAX的安全问题,并且只涉及使用AJAX?
For example, sending post requests via AJAX seems completely safe to me. 例如,通过AJAX发送帖子请求对我来说似乎是完全安全的。 Barring SQL injections, I can't think of one thing that could go wrong... is this the correct case? 除非SQL注入,我想不出一件可能出错的事情......这是正确的情况吗?
Also, are "requests" of any kind that a user's browser sends or any information it receives available to be viewed by a third party who should not be viewing? 此外,用户浏览器发送的任何类型的“请求”或其收到的任何信息是否可供不应查看的第三方查看? And can that happen to AJAX post requests ('post' requests specifically; not 'get')? 这可能发生在AJAX发布请求中(特别是'发布'请求;不是'获取')?
1 个解决方案
解决方案1
2 2012-02-27 19:25:49
它就像任何其他形式的数据输入:验证您的值,检查引用者,验证会话,使用SSL。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.