Preventing $.POST hijack
Posted by Jamie on Stack Overflow
Published on 2010-05-16T22:31:31Z
I'm currently building a Facebook application. Let's say I have a variable $uid that identifies the user so I can store this in my database along with their submitted data. I pass $uid and $data via JSON-encoded values using $.post. However, this doesn't prevent someone changing $uid to save data as someone else.
I have been thinking about how to overcome this; so far I haven't found a solution apart from: create a database with $uid and $secretkey on first page load. When using $.post, send $secretkey with the post and then retrieve the $uid from the database.
Would this be the correct approach to use?
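The token-to-uid lookup described in the question, sketched as an added example in server-side JavaScript (Node.js); it is not code from the original post. The names `tokenStore`, `issueToken`, `handlePost`, the 30-minute lifetime and the in-memory `Map` standing in for the database are all assumptions.

```javascript
const nodeCrypto = require('crypto');

// Hypothetical stand-in for the database table from the question.
// Rows are keyed by SHA-256(token), so a leaked table holds no usable tokens.
const tokenStore = new Map();
const TOKEN_TTL_MS = 30 * 60 * 1000; // assumed token lifetime

function hashToken(token) {
  return nodeCrypto.createHash('sha256').update(token, 'utf8').digest('hex');
}

// First page load: the server has already established uid itself
// (never from a client-editable field) and hands back a random token.
function issueToken(uid, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString('hex'); // 256 bits from a CSPRNG
  tokenStore.set(hashToken(token), { uid, expires: now + TOKEN_TTL_MS });
  return token;
}

// POST handler: the uid is taken from the stored row only.
// Any uid field present in the request body is ignored.
function handlePost(body, now = Date.now()) {
  if (!body || typeof body.secretkey !== 'string') {
    return { ok: false, error: 'missing token' };
  }
  const row = tokenStore.get(hashToken(body.secretkey));
  if (!row || row.expires <= now) {
    return { ok: false, error: 'invalid or expired token' };
  }
  return { ok: true, savedAs: row.uid, data: body.data };
}

// Constructed sample requests.
const token = issueToken('1001');
// A request that carries a tampered uid is still saved under the token's owner.
console.log(handlePost({ uid: '2002', secretkey: token, data: 'hello' }));
// A guessed token is rejected.
console.log(handlePost({ uid: '1001', secretkey: 'f'.repeat(64), data: 'x' }));
```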
© Stack Overflow or respective owner