0

I got the following problem in PHP. I wrote a function to give data via ajax to my PHP code. Sadly a user can just manipulate my site by typing the link of the ajax request and/or changing the values. Is there a possibility to block humans from the website but not block my ajax request?

Leon
  • No. If something is accessible publicly then anyone can see it and amend it via dev tools. This is why you need validation rules server side to ensure that any request you receive meets business logic requirements – Rory McCrossan Apr 09 '20 at 10:51
  • Ensure the data is valid, secure it using a key and secret, block User-Agents, etc. – Philip Rollins Apr 09 '20 at 10:52

2 Answers

0

The short answer is no. If it's accessible publicly online, it is possible to send a request without using your site directly.

You can also limit the access by authenticating your site.

If you still want it to be accessible, but would like to make things harder (not impossible), you can use a CSRF token: https://portswigger.net/web-security/csrf/tokens.

kuzditomi
0

The answer is NO. You can use some extra data to validate the query, like adding some extra data to the ajax request so the server can check the query.

I can help you, but can you please tell me which data you are sending to the client?

Shanu Raj
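Added example, not part of the original question or answers: a sketch of an ajax endpoint that applies the controls suggested above (login check, per-session CSRF token, server-side validation of every value), run here against three constructed requests. The header name `X-CSRF-Token`, the fields `item_id` and `quantity`, and the 1 to 10 limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Called when rendering the page; the token is embedded in the page and
// sent back by the ajax call in a header (header name is an assumption).
function issue_csrf_token(array &$session): string
{
    $session['csrf'] = bin2hex(random_bytes(32));
    return $session['csrf'];
}

// Returns [HTTP status, body]. Every check runs on the server, so it holds
// whether the request came from the page, dev tools or a typed URL.
function handle_ajax(array $session, array $headers, array $post): array
{
    // 1. Only authenticated sessions may call the endpoint.
    if (!isset($session['user_id'])) {
        return [401, 'login required'];
    }
    // 2. Token must equal the one issued to this session (constant-time compare).
    $sent = $headers['X-CSRF-Token'] ?? '';
    if (!isset($session['csrf']) || !is_string($sent)
        || !hash_equals($session['csrf'], $sent)) {
        return [403, 'bad token'];
    }
    // 3. Business rules: a logged-in user can still read the token and replay
    //    it, so the submitted values are never trusted (hypothetical fields).
    $itemId = filter_var($post['item_id'] ?? null, FILTER_VALIDATE_INT);
    $qty = filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 10]]);
    if ($itemId === false || $qty === false) {
        return [422, 'invalid input'];
    }
    return [200, "ok: item $itemId x $qty"];
}

// Constructed requests for the demonstration.
$session = ['user_id' => 7];
$token = issue_csrf_token($session);
$requests = [
    'sent by the page'    => [['X-CSRF-Token' => $token], ['item_id' => '3', 'quantity' => '2']],
    'typed URL, no token' => [[], ['item_id' => '3', 'quantity' => '2']],
    'tampered quantity'   => [['X-CSRF-Token' => $token], ['item_id' => '3', 'quantity' => '9999']],
];
foreach ($requests as $label => [$headers, $post]) {
    [$status, $body] = handle_ajax($session, $headers, $post);
    echo "$label => $status $body\n";
}
```

In a real endpoint the three arrays would come from `$_SESSION`, the request headers and `$_POST`, and the status would be sent with `http_response_code()`.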