security for AJAX-style function calls

P

PJ6

I have AJAX-style calls that will require a user's login for permission
checks. I might have been OK with the login ID rolled into a session
variable, but now I'm faced with calling my AJAX functions with the login,
which would be pretty easy to hack.

I was thinking on a successful login attempt to issue a GUID to that session
and store it in a hashtable server-side with the login name, probably expire
it after 24 hours.

This seems pretty straightforward to do but I've had it drilled into me that
one does not 'home-brew' security, one uses whatever is commonly available
and accepted as secure. I just wanted to check here if this approach is OK.

Paul
 
B

Bruce Barker

not particularly secure, this is not much different than just using the
session id. if you need security, you should run over https, so sniffers can
not be used.

-- bruce (sqlwork.com)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

advanced question: feasability of using delegates on original objects for AJAX calls 4
PEP thought experiment: Unix style exec for function/method calls 4
Ajallerix : AJAX, simple, fast Web image gallery demo ; at Novell 0
Role-based security for an ASP/ASP.NET mixed environment 7
Simple Login programming: Authentication does not work for me! 1
Asp.net Important Topics. 0
Q: About how/where to store RecordSets in UserControls? 2
ANN: OSCON 2006 Call for Proposals 0

Members online

No members online now.
Total: 34 (members: 0, guests: 34)
Robots: 456

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,054
Latest member
TrimKetoBoost

Latest Threads

Top