Post data with jQuery to ASP.NET, am I doing this securely enough?
Posted
by Wim Haanstra
on Stack Overflow
Published on 2010-05-28T08:57:49Z
For a website I am building, I am using jQuery to post data to Generic Handlers I created for this purpose.
Because you need to be logged in to do most post actions (like 'rate a picture'), I am currently using the following technique:
- User visits page
- Page determines if user is logged in
- On Page_Load the page fills a hidden field with an encrypted string, which contains several needed variables, like the User ID, the Picture ID (of the picture they are currently viewing) and the DateTime when the page was rendered.
- When the user clicks an "I like this picture" button, I do a $.ajax post to my Generic Handler, with the encrypted string and the value indicating whether or not they liked the picture.
- The Generic Handler decrypts the supplied encrypted string and takes a look at the DateTime to determine if it was not too long ago.
- When everything works out, the vote is submitted to the database.
In my understanding this is a pretty secure way to handle a situation like this. But maybe I am missing a very important point here.
Any advice would be very welcome.
© Stack Overflow or respective owner
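The token flow described in the question, sketched for the handler side as an added example (not code from the original post): it signs the hidden-field value with HMAC-SHA256 instead of encrypting it, and compares the token's user ID with the logged-in session user in addition to the age check. The class and method names, the token layout and the server-held `key` are assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
public static class VoteToken   // hypothetical helper, not an ASP.NET type
{
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    // Page_Load side: payload "userId|pictureId|unixSeconds" followed by an HMAC-SHA256 tag.
    public static string Issue(int userId, int pictureId, DateTime issuedUtc, byte[] key)
    {
        long ts = (long)(issuedUtc - Epoch).TotalSeconds;
        string payload = string.Format(CultureInfo.InvariantCulture, "{0}|{1}|{2}", userId, pictureId, ts);
        return payload + "." + Convert.ToBase64String(Mac(payload, key));
    }
    // Handler side: every failure returns false; the tag is checked before the payload is parsed.
    public static bool TryValidate(string token, int sessionUserId, DateTime nowUtc,
                                   TimeSpan maxAge, byte[] key, out int pictureId)
    {
        pictureId = 0;
        int dot = token == null ? -1 : token.LastIndexOf('.');
        if (dot <= 0) return false;
        string payload = token.Substring(0, dot);
        byte[] tag;
        try { tag = Convert.FromBase64String(token.Substring(dot + 1)); }
        catch (FormatException) { return false; }
        if (!FixedTimeEquals(tag, Mac(payload, key))) return false;    // modified or forged value
        string[] parts = payload.Split('|');
        int userId, pid; long ts;
        if (parts.Length != 3
            || !int.TryParse(parts[0], NumberStyles.None, CultureInfo.InvariantCulture, out userId)
            || !int.TryParse(parts[1], NumberStyles.None, CultureInfo.InvariantCulture, out pid)
            || !long.TryParse(parts[2], NumberStyles.None, CultureInfo.InvariantCulture, out ts))
            return false;
        if (userId != sessionUserId) return false;                     // issued to a different user
        TimeSpan age = nowUtc - Epoch.AddSeconds(ts);
        if (age < TimeSpan.Zero || age > maxAge) return false;         // future-dated or too old
        pictureId = pid;
        return true;
    }
    static byte[] Mac(string payload, byte[] key)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    static bool FixedTimeEquals(byte[] a, byte[] b)   // comparison time does not depend on content
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

A token that passes these checks can be submitted again until it expires, so the handler still has to enforce one vote per user and picture when writing to the database.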