0

How to restrict access the jquery ajax method from browser console window via hacking.

The problem is: everyone can just go to the console and make a loop around it and make that request a thousand time. As I can't restrict by a log in system, I was wondering how I can deal with this security problem.

Thanks

user3702440
  • 21
  • 1
  • 1
  • 3
  • I'm not sure if I fully understand your question, but I guess [CSRF token](https://stackoverflow.com/questions/5207160/what-is-a-csrf-token-what-is-its-importance-and-how-does-it-work) is what you are looking for – Krzysztof Janiszewski Dec 04 '18 at 12:52

1 Answers1

0

I don't think this is really possible without some form of server side validation or security. The whole point in an ajax request is it is client side, this means that user can call it and see the call being made on some sort of network inspector.

If you can change server side code something along the lines of CSRF Token would be the best way to go.

Alternatively and way less secure but you could add a sleep to the method or function being called on the server so it cannot be polled repeatedly.

tmkiernan
  • 375
  • 1
  • 16
  • i am implemented CSRF token in my master page how to validate in child page jquery ajax request – user3702440 Dec 05 '18 at 07:55
  • trying to prevent isn't really a hijack at all; its a user writing an ajax call manually in the google chome jconsole or the firefox firebug console. – user3702440 Dec 25 '18 at 07:18