3

I was just thinking... if I have an AJAX call, which calls a PHP file that gets some info from MySQL, wouldn't it be possible to edit the timeInterval with Firebug or other editors, and make it spam the server with the call?

Isn't that a security risk/flaw?

John DOe
  • Yes and possibly. It's a denial of service attack. – Blender Apr 26 '13 at 20:37
  • You can modify many things with a browser's console. That's why you shouldn't **depend** on JavaScript for many things when developing. You don't necessarily need a browser for this though. – Ian Apr 26 '13 at 20:38
  • ^ Though it is not a direct duplicate, if you research a bit more you will end up at DDoS which is an advanced form of the attack which you've asked about. – Fabrício Matté Apr 26 '13 at 20:51
  • The accepted answer on that question linked above is particularly good: http://stackoverflow.com/a/14599129/438971 – Orbling Apr 26 '13 at 21:31

1 Answer

1

Even if it weren't possible (it is) there's nothing to stop someone from making frequent requests on their own rather than using your own script. You have to throttle service of the requests on the server side.

Explosion Pills
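
The server-side throttling this answer calls for, as an added example that is not part of the original answer: a per-client token bucket for a PHP endpoint, with its state kept in a lock-protected file. The function name `allow_request`, the limits (burst of 5, refill of 1 request per second), the temp-directory state files and keying on `REMOTE_ADDR` are all assumptions.

```php
<?php
// Added example: per-client token bucket, state kept in a locked file.
// Limits, file location and keying by REMOTE_ADDR are assumptions.
function allow_request(string $clientKey, float $now, int $capacity = 5,
                       float $refillPerSec = 1.0, ?string $dir = null): array
{
    $path = ($dir ?? sys_get_temp_dir()) . '/throttle_' . hash('sha256', $clientKey);
    $fh = fopen($path, 'c+');            // create if missing, never truncate on open
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return [false, 1];               // fail closed if the state is unavailable
    }
    $state  = json_decode((string) stream_get_contents($fh), true);
    $tokens = (float) ($state['tokens'] ?? $capacity);   // new client: full bucket
    $last   = (float) ($state['ts'] ?? $now);

    // Refill for the time elapsed since the last request, capped at capacity.
    $tokens = min((float) $capacity, $tokens + max(0.0, $now - $last) * $refillPerSec);

    $allowed = $tokens >= 1.0;
    if ($allowed) {
        $tokens -= 1.0;
    }
    $retryAfter = $allowed ? 0 : (int) ceil((1.0 - $tokens) / $refillPerSec);

    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode(['tokens' => $tokens, 'ts' => $now]));
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return [$allowed, $retryAfter];
}

if (PHP_SAPI !== 'cli') {
    // Top of the PHP file the AJAX call hits, before any MySQL work.
    [$ok, $retry] = allow_request($_SERVER['REMOTE_ADDR'], microtime(true));
    if (!$ok) {
        http_response_code(429);         // Too Many Requests
        header('Retry-After: ' . $retry);
        exit;
    }
    // ... run the query and emit the response here ...
} else {
    // Constructed demo: 7 requests at the same instant against a burst of 5.
    $dir = sys_get_temp_dir() . '/throttle_demo_' . getmypid();
    mkdir($dir);
    for ($i = 1; $i <= 7; $i++) {
        [$ok, $retry] = allow_request('203.0.113.7', 1000.0, 5, 1.0, $dir);
        echo "request $i: ", $ok ? 'served' : "429, retry after {$retry}s", "\n";
    }
}
```

Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, and file-based state only covers a single host; a shared store is needed when several servers answer the call.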