Forum FAQForum FAQSearchSearch MemberlistMemberlist Forum ignore listForum ignore list RegisterRegister ProfileProfile Log in to check your private messagesLog in to check your private messages Log inLog in
ajax password change

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    mi3dot.org Forum Index -> Client-side
View previous topic :: View next topic  
Author Message
BubaMara



Joined: 27 Jan 2004
Posts: 87

PostPosted: 22.04.2009 09:52    Post subject: ajax password change Add user to your forum ignore list Reply with quote

Pozdrav.
Imam pitane u svezi sigurnosti ajaxa?
Imam lightbox like "prozor" u kojem vrsim izmjenu korisnikovih detalja. Problem bi mi mogao pretstavljati password. Posto sve preko ajaxa saljem php fajlu koji mjenja u bazi postavke postavlja se pitanje sigurnosti. Koja su iskustva s zastitom toga.

Razmisljao sam o sljedecem. Posto je javascript client side te ne zelim tu raditi XOR enkripciju zbog same vidljivosti source-a.

Dakle zamisao je da na osnovu vise parametara preko php-a izgeneriram nekom svojom metodom kljuc i onda kljuc saljem zajedno s podatcima preko ajaxa php fajlu. php fajl provjeri tom istom funkcijom dali je kljuc ispravan i ako je onda to se upisuje u bazu, ako je kljuc neispravan onda nista.

Kljuc bi se mijenjao svaki put i ono sto na potencijalnom napadacu ostaje je da sazna sta sam ja koristio za generiranje kljuca a ja se maksimalno mogu potruditi da mu to otezam.

Hvala na odgovorima.
Back to top
View user's profile Send private message
Moebius



Joined: 26 Jan 2004
Posts: 245
Location: zagreb

PostPosted: 22.04.2009 10:53    Post subject: Add user to your forum ignore list Reply with quote

Naravno da sam ajax nema nikakve veze sa ovim sto si naveo.
Back to top
View user's profile Send private message Visit poster's website
BubaMara



Joined: 27 Jan 2004
Posts: 87

PostPosted: 22.04.2009 12:15    Post subject: Add user to your forum ignore list Reply with quote

pa od njega je potekao problem Smile
Back to top
View user's profile Send private message
snyder



Joined: 21 Dec 2005
Posts: 57
Location: Zagreb

PostPosted: 22.04.2009 13:27    Post subject: Add user to your forum ignore list Reply with quote

pitanje, jel mozes doci do dijela gdje se mijenja password bez da si logiran kao admin il tak nest?

mislim, cemu zastita dodatna ak tak i tak ne mozes do tog dijela doc bez admin logiranja?
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
Moebius



Joined: 26 Jan 2004
Posts: 245
Location: zagreb

PostPosted: 22.04.2009 13:39    Post subject: Add user to your forum ignore list Reply with quote

Code:
pa od njega je potekao problem

mozda, ali ako sam shvatio zanima te sigurnost koristenja ajaxa. Ajax je samo wrapper za client-side i server-side, tako da on sigurno nije kljluc nekih sigurnosih problema.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    mi3dot.org Forum Index -> Client-side All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group