Comments on: Secure Jquery Ajax Request

By: Prasanna

Prasanna — Thu, 18 Feb 2010 12:21:19 +0000

@Sym2k8
die(‘Direct acces not allowed’); is much better perhaps?

By: Sym2k8

Sym2k8 — Thu, 21 Jan 2010 19:35:37 +0000

Thanks, but the problem is that you still send the data to the client.

The better way is to not send data to the client if the client is not authorized.

Do never trust the client and do never trust code and checks wich can be manipulated by the client (javascript).

My function secure would look like:
public function secure() {
if(IS_AJAX) {
if(!$this->session->userdata(’logged_in’)) {
header(’HTTP/1.1 401 Unauthorized’);
die;
}
echo ‘Time for Coffee’;
} else {
echo ‘Direct acces not allowed’;
}
}

Greetings from germany,
Sym2k8

By: shin

shin — Sun, 13 Dec 2009 21:14:36 +0000

Yes, I agree with all other posts. I am looking forward to seeing the next ones.
@Alex, CI backendpro is the one you are looking for.
@Bill Thanks for your tip.

By: Natan V

Natan V — Sat, 12 Dec 2009 01:15:41 +0000

Great Idea!

You can also add the event to the jquery ajax global settings. This way you don’t have to attach the event to every ajax request (if you’re using some sort of ACL).

I added the following to my header for auto inclusion.

jQuery.ajaxSetup({
error: function(xhr, requestStatus, error)
{
if(xhr.status == 401)
{
// redirect here or do whatever…
}
}
,cache: false
});

By: Walter

Walter — Thu, 26 Nov 2009 07:50:35 +0000

Great screencast. I’ll be tuned for more!!

By: Adam

Adam — Fri, 13 Nov 2009 15:17:41 +0000

Thank you so much for your tutorials, they are some of the best I’ve seen in way of the intersection of CI+jQuery+ajax…

By: August

August — Tue, 27 Oct 2009 16:13:32 +0000

Hi, i am trying to make a login page that requires a local key (user-side) as well as the username and password.

the idea is to hash the user info against the users key, and use the public key to decrypt and authorize.

if i get it working i will toss you a link

By: Toby

Toby — Sat, 03 Oct 2009 16:03:42 +0000

Lee, thanks for your great screencasts, they are really helpful!

Like Alex Inoa, I am also very interessted in UAC with CI! Would be great to see something about this soon

Regards, Toby

By: bill h

bill h — Fri, 14 Aug 2009 22:52:59 +0000

I am not sure if you have fixed the cacheing issues you were having in firefox but what you can do is download the web developer toolbar for firefox (https://addons.mozilla.org/en-US/firefox/addon/60) and then under the first menu item “disable” just select “disable cache”.

I do this while I am developing to avoid the exact same issues you were having.

By: Lee

Lee — Fri, 14 Aug 2009 22:46:07 +0000

Hi Mike

Thank you for asking. Yea I will be doing more just a little busy with a project right now.

Keep watching