Security tips for JQuery/JTemplate AJAX

In the traditional .netFramework, to a ceratin extent, the ValidateRequest takes care of sanitizing input. Proper Server side validations make it double safe. However,when I post data to server using JQuery/Jtemplate AJAX, I can add client side Validation, but in the worst condition that can be bypassed/compromised. I usually try to sanitize data, on server, using the following few guidelines.

— Check if any relevant Session is active.
— Use strong dataTypes, if you can, for the input parameters in the WebMethod.
   Say I use ‘int’ data type as an input parameter , then I can do a int.Parse(incomingData)    & throw the exception. Similarly for dateTime,float etc.
— Use SQLParameter (preferably Stored procedures) which tells SQL Server to interpret the      incoming value as plain text & not a SQL command.
— Use HtmlEncode for incoming plain text. You may use regex to get rid of html synatax if      you are sure that incoming data should not contain any html tags.

Hope this was usefull. Thanks for reading.

This entry was posted in JQuery. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s