Yes, AJAX itself is very easy. AJAX itself can't do much beyond load a new page within an area of another page. To do all the nice, dynamic effects that AJAX can do, you need to have the JavaScript abilities to do them. AJAX won't get you far on its own without JavaScript abilities to do complex things with that passed data.

Qunox wrote: Wow, the key to AJAX seems rather easy, but that is a good thing, right?
Well, I'm not experienced with JavaScript so I do not know how to use split() to handle different stuff in the string.
Yes, they absolutely can do that! Obfuscation is a small part of the solution. It helps, and it will stop at least 95% of those out there from successfully altering your JavaScript to exploit it. However, the real way to secure it is the age-old, #1 lesson of web development security: Assume all data sent from the user is malicious until you can prove otherwise on the web server. This is done by first sanitizing any incoming data before using it in a query, storing it in the database or displaying it on a webpage, and also checking the logic of your application to ensure that the data you are receiving is the same data you expected, in the same range you expected, and at the right time you expected. While sanitizing your data is very easy to do with scripts freely available online, the latter is not so easy, and requires proper planning in your application.

Qunox wrote: Well, can't the user save the page locally, edit the JavaScript and run it from the desktop? (With modified pages)? I'm asking since I really don't know.
As far as the source code, I guess an obfus is the solution... just need to get it to work xD
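
The server-side logic checks described in the reply above (the data you expected, in the range you expected, at the time you expected), as an added example that is not part of the original thread. The `item|quantity|token` message format, the limits and the session object are assumptions made for illustration.

```javascript
// Added example: server-side validation of a delimited string sent by an AJAX client.
// Assumed message format: "item|quantity|token". Nothing here trusts the browser.

const ALLOWED_ITEMS = new Set(['apple', 'pear', 'plum']); // server's own list (assumed)
const MAX_QUANTITY = 10;                                   // assumed business limit
const MAX_BODY_LENGTH = 64;

// session is server-side state, e.g. { step: 'ordering', token: 'issued-with-page' }.
// Returns { ok: true, item, quantity } or { ok: false, reason }.
function validateOrder(body, session) {
  if (typeof body !== 'string' || body.length > MAX_BODY_LENGTH) {
    return { ok: false, reason: 'malformed' };
  }
  const parts = body.split('|');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [item, qtyText, token] = parts;

  // The data you expected: the item must be one the server already knows.
  if (!ALLOWED_ITEMS.has(item)) return { ok: false, reason: 'unknown item' };

  // The range you expected: plain digits only, then a bounds check.
  // The regex rejects "-1", "1e3", "0x10" and " 5" before Number() sees them.
  if (!/^[0-9]{1,3}$/.test(qtyText)) return { ok: false, reason: 'bad quantity' };
  const quantity = Number(qtyText);
  if (quantity < 1 || quantity > MAX_QUANTITY) {
    return { ok: false, reason: 'out of range' };
  }

  // The time you expected: only during the ordering step, and only with the
  // one-time token the server issued for this page load.
  if (session.step !== 'ordering') return { ok: false, reason: 'wrong step' };
  if (token !== session.token) return { ok: false, reason: 'stale request' };
  session.token = null; // single use: a replayed or locally re-sent request fails

  return { ok: true, item, quantity };
}

// Constructed sample requests, including ones a locally edited page could send.
const demoSession = { step: 'ordering', token: 't-123' };
for (const body of ['apple|999|t-123', 'apple|3|t-123', 'apple|3|t-123']) {
  console.log(body, '->', JSON.stringify(validateOrder(body, demoSession)));
}
```

The validated `item` and `quantity` still go into a parameterized query and are escaped on output; this block covers only the logic checks.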