One of the problems with Ajax is that a foreign web page can include Ajax calls to a service, and the browser will execute them with the user's credentials. To prevent this, Ajax calls should include a nonce: an unguessable string that is associated with the user. Ajax calls without the correct nonce are ignored.
Apparently, WordPress does something similar: http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces