12.13. Security Considerations with AJAX Applications

The ticket manager application has a relatively simple security model. There are no different user levels; the only issue to worry about is whether the user is logged in. If the user is logged in, he or she has the ability to edit and create tickets; otherwise, he or she can only view them. The user's login status is stored on both the JavaScript side and the server. On the JavaScript side, this status is used to hide the links to actions that the user can't perform. On the server side, the login status is used to enforce what actions the user can perform. This setup highlights an important rule in any Web application: the client can't be trusted.

Often, when we build an AJAX application, we forget that our back-end code is still being exposed through normal HTTP requests. Just because the JavaScript-driven user interface doesn't allow a ticket to be created doesn't mean that an HTTP request directly to the back-end addTicket method can't be made. The methods exposed in the Ticket class are a public interface to the application; they need to check login status if a login is required to use the method, and they need to do any required data escaping.

Even though libraries such as HTML_AJAX make it easy to expose a PHP class for AJAX, that ease of access doesn't mean that you can remove the controller from your application and expose your data models directly to JavaScript. The code that handles an AJAX request is now the front-line code of your application and needs to take appropriate precautions.
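As an added example (not the book's ticket manager code), here is the kind of AJAX-exposed Ticket class the section calls for: every write method re-checks the server-side login status instead of relying on the JavaScript UI having hidden the link, and user-supplied values reach the database only through a prepared statement. The session key `logged_in`, the `tickets` table layout, and the PDO connection passed to the constructor are assumptions.

```php
<?php
// Added example, not the book's ticket manager code. Session key, table
// layout and PDO connection are assumptions. The point: the SERVER enforces
// login status and escapes data; the JavaScript UI only hides links.
class Ticket
{
    public function __construct(private PDO $db) {}

    // Login status comes from the PHP session, never from a request
    // parameter or a client-side flag that the caller could set itself.
    private function requireLogin(): void
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        if (empty($_SESSION['logged_in'])) {
            // Fail closed: this method is reachable by a hand-made HTTP
            // request regardless of what the UI showed, so refuse the call.
            http_response_code(403);
            throw new RuntimeException('login required');
        }
    }

    // Read-only, allowed for everyone: matches the book's security model.
    public function listTickets(): array
    {
        return $this->db->query('SELECT id, title, status FROM tickets')
                        ->fetchAll(PDO::FETCH_ASSOC);
    }

    // Write: checked on the server even though the UI hides the link.
    public function addTicket(string $title, string $description): int
    {
        $this->requireLogin();
        $title = trim($title);
        if ($title === '' || strlen($title) > 200) {
            throw new InvalidArgumentException('invalid title');
        }
        // Prepared statement: the data escaping the section requires.
        $stmt = $this->db->prepare(
            'INSERT INTO tickets (title, description, status) VALUES (?, ?, ?)'
        );
        $stmt->execute([$title, $description, 'open']);
        return (int) $this->db->lastInsertId();
    }
}
```

Because `requireLogin()` runs inside `addTicket()` itself, a request that bypasses the JavaScript front end and posts directly to the method is rejected with the same 403 as one sent through the UI.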
