Post data with jQuery to ASP.net, am I doing this secure enough?

Posted by Wim Haanstra on Stack Overflow See other posts from Stack Overflow or by Wim Haanstra
Published on 2010-05-28T08:57:49Z Indexed on 2010/05/28 9:02 UTC
Read the original article Hit count: 184

Filed under:
|
|

For a website I am building, I am using jQuery to post data to Generic Handlers I created for this purpose.

Because you need to be logged in, to do most post actions (like 'rate a picture'), I am currently using the following technique:

  1. User visits page
  2. Page determines if user is logged in
  3. On Page_Load the page fills a hidden field with an encrypted string, which contains several needed variables, like User ID, Picture ID (of the picture they are currently viewing), the DateTime when the page was rendered.
  4. When the user clicks a "I like this picture"-button, I do a $.ajax post to my Generic Handler, with the encrypted string and the value whether or not they liked the picture.
  5. The Generic Handler decrypts the supplied encrypted string and takes a look at the DateTime to determine if it was not too long ago
  6. When everything works out, the vote is submitted to the database.

In my understanding this is a pretty secure way to handle a situation like this. But maybe I am missing a very important point here.

Any advice would be very welcome.

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about jQuery