0

On some of my web I write with JS/HTML/CSS because is dynamic. But when I working with DB I must call Ajax from JS to working with it. I use POST in Ajax, but how secure is it?

Can someone use my URL with PHP (like www.smt.com/updateDB.php) to edit my DB?

Because when I use it from JS without password and name, so anyone can use it. And if you have Name of DB, Password and Name of User in POST Ajax, then anynone can see it.

Is there any way to secure it in PHP? Like it only update DB when its send from my Hosting IP address?

Thanks :)

Improve this question

1 Answer 1

Reset to default
1

instead of using ip adddresses you need a login system and session controller in php. so in php part for every ajax request you can esily check if user logged in or have rights to run db functions

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Nice idea, but i need that Ajax will be able to do anything with DB, like download list of user, not only logged user. But user is able to edit JS. So how secure this?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.