If you're not using Ajax, that's a real bummer. Ajax has gotten pretty simple with jQuery. If you have followed the conversation, you could pipe the data into the session and then send it after login, but that would be open to abuse in the case that a malicious or even unknowing user uses the same computer as the last user who had unsaved PMs. This is because you'd have to use client-side cookies, which are open to abuse, editing and such. If you have random session IDs stored in them for validation, that will at least protect the app from remote users (who don't do cookie stealing). In short, that's a feature that, if you don't use Ajax draft saving, will introduce an unnecessary security hole that may come to bite you up ahead.
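The shared-computer risk described in the post above, with one way to contain it, as an added example that is not part of the original post: the unsent PM is kept server-side, tagged with the account that wrote it, and released after login only to that account. All names are hypothetical, and it assumes the app still knows which account the expired session belonged to.

```javascript
// Added example: server-side draft stash bound to its author (hypothetical names).
const { randomBytes } = require("node:crypto");

const DRAFT_TTL_MS = 15 * 60 * 1000; // assumed lifetime of a stashed draft
const sessions = new Map();          // session ID -> server-side record

function newSession(userId = null) {
  // The cookie carries only this unguessable ID, never the draft itself.
  const id = randomBytes(32).toString("hex");
  sessions.set(id, { userId, pendingDraft: null });
  return id;
}

// Called when a PM arrives on an expired login: keep it server-side and
// record which account wrote it (assumption: known from the expired session).
function stashDraft(sessionId, authorId, draft, now = Date.now()) {
  const s = sessions.get(sessionId);
  if (!s) return false;
  s.pendingDraft = { authorId, draft, expires: now + DRAFT_TTL_MS };
  return true;
}

// Called after credentials are verified. The session ID is rotated, and the
// draft is released only to its author and only before it expires. Anyone
// else logging in from the same browser gets nothing, and the draft is gone.
function login(oldSessionId, userId, now = Date.now()) {
  const old = sessions.get(oldSessionId);
  sessions.delete(oldSessionId); // the pre-login ID is dead either way
  const sessionId = newSession(userId);
  const p = old && old.pendingDraft;
  const draft = p && p.authorId === userId && now < p.expires ? p.draft : null;
  return { sessionId, draft };
}

// Constructed demo: alice's draft is stashed, then mallory logs in on that browser.
const shared = newSession();
stashDraft(shared, "alice", "constructed PM text");
console.log(login(shared, "mallory").draft); // null
```
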