How To Secure/encode Javascript POST Requests
Solution 1:
It sounds like a lot of this logic now remains clientside, so you can't stop someone from sending "score.php?score=1000" multiple times.
Add logic to the server side that checks how often a given request can be executed, or, even better, execute game logic completely serverside (so the user won't have to submit his own score, but simply requests a certain game action to be executed, eventually resulting in a score which could then be added to the user).
Solution 2:
If you have some form of session identifier you can increment a count of times that request has been made. This isn't bulletproof, however: clearing out session cookies will allow that request to be made again.
You will need some form of login to prevent someone clearing their cookies, or even a cURL script looping.
Edit:
As a stop-gap measure, you could add a form of CSRF protection; a one-time-use hash would need to be applied to each request to make it valid.
Solution 3:
You can also pass a flag from POST which you can set to whatever value when you really want to update the value in the database; otherwise set it to 0. And while updating, check the value of the flag and update it accordingly.
Solution 4:
Given that GET or POST both can be easily done by the client, if you are just sending a raw score to the server this can never be good. I have never written a game where that much logic occurs on the client. The client side should just send commands to the server and the server decides whether or not this is a valid transaction/state. More or less the server knows the state of the client and the client just reflects that. That's probably the only true way to guarantee that what a client is doing is legal.
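The approach from Solutions 2 and 4, as an added example that is not part of any of the original answers: the client posts an action plus a single-use token, and the server alone computes the score. The action names, point values, rate limit and the assumption that `sessionId` comes from an authenticated login are all hypothetical.

```javascript
// Added example (Node.js): server-authoritative scoring with one-time tokens.
const { randomBytes, timingSafeEqual } = require('crypto');

// Hypothetical game rules: the server, not the client, knows what an action is worth.
const POINTS = new Map([['collect_coin', 10], ['defeat_enemy', 50]]);
const MIN_INTERVAL_MS = 200;   // hypothetical per-session rate limit
const sessions = new Map();    // sessionId -> { score, token, lastAction }

function newToken() {
  return randomBytes(16).toString('hex');
}

// Call after login (assumed to exist); returns the first single-use token.
function startSession(sessionId) {
  const s = { score: 0, token: newToken(), lastAction: -Infinity };
  sessions.set(sessionId, s);
  return s.token;
}

// Handles one POST body {action, token}. A "score" field sent by the client is ignored.
function handleAction(sessionId, body, now = Date.now()) {
  const s = sessions.get(sessionId);
  if (!s) return { ok: false, error: 'no session' };

  const { action, token } = body || {};
  const given = Buffer.from(String(token));
  const expected = Buffer.from(s.token);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, error: 'bad or reused token' };
  }
  if (now - s.lastAction < MIN_INTERVAL_MS) {
    return { ok: false, error: 'too fast' };
  }
  if (!POINTS.has(action)) {
    return { ok: false, error: 'unknown action' };
  }

  s.score += POINTS.get(action);  // score is derived server-side only
  s.lastAction = now;
  s.token = newToken();           // rotate: the old token can never be replayed
  return { ok: true, score: s.score, nextToken: s.token };
}
```

Replaying a captured request fails because the token was rotated on the first success, and a looping script is slowed by the interval check; tying the session to a login is still what stops a user from starting over with fresh cookies.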
Solution 5:
Use captcha (Wiki CAPTCHA, reCAPTCHA).
Also, use Session to write down the number of repeated requests done by the user to the server and increment it on each successful request. Then block the user from accessing your PHP script with the help of session storage data (PHP SESSIONS).