javascript php jquery code-injection

What is the best way to send secure parameter in Ajax Request?


I send an Ajax request with this function:

function myFunc(x)
{
    $.ajax({
        url:      'retrive.php',
        type:     'POST',
        data:     'data=' + x,
        success:  callback
    });
}

I call the function with an integer parameter. For example:

myFunc(20);
myFunc(25);

Can a hacker change the parameters of myFunc()?
If he can, how can I prevent the value from being changed?
What is the best way to send a secure parameter?

**EDIT:**

My JavaScript code has a variable called Score.
This variable is incremented by one:

if(condition)
{
    Score++;
}

When the game is over, I send the variable with Ajax.
This variable is stored in the database together with the game code.

if(game_over)
{
    myFunc(20, Score); // game code, score
}

But these values can be changed by a user (via the console of Chrome and Firebug).
1. What is the solution?
2. What is the name of this type of attack? Is it XSS?


Solution

  • Can a hacker change the parameters of myFunc()?

    Yes, he can.

    If he can, how can I prevent the value from being changed?

    You can't prevent it, but you can verify the parameters in server-side code.

    What is the best way to send a secure parameter?

    What you can do is use the mcrypt_encrypt() function to encrypt your string or data, and when receiving the data use the mcrypt_decrypt() function; otherwise you can use PHP's other encoding methods.

    You can check PHP mcrypt - Complete encryption and decryption of data
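
One way to do the server-side verification the answer mentions, as an added example that is not code from the question or the answer. It assumes the POST fields are named `game` and `score`, that the server stored the game's start time in the session when it served the game, and that the scoring limits shown are chosen per game; all of these names and values are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: checks a score submission on the server (not the poster's code).
// Assumed: POST fields "game" and "score"; the server recorded the start time
// in its own session when the game began; the limits below are game-specific.

const KNOWN_GAMES = [20, 25];        // game codes used in the question's calls
const MAX_POINTS_PER_SECOND = 2;     // assumed upper bound on legitimate scoring
const MAX_SCORE = 100000;            // assumed absolute ceiling

/** Returns [true, cleanValues] or [false, reason]. Nothing in $post is trusted. */
function check_submission(array $post, array $session, int $now): array
{
    $game  = filter_var($post['game'] ?? null, FILTER_VALIDATE_INT);
    $score = filter_var($post['score'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => MAX_SCORE]]);

    if ($game === false || !in_array($game, KNOWN_GAMES, true)) {
        return [false, 'unknown game code'];
    }
    if ($score === false) {
        return [false, 'score is not an integer in range'];
    }
    // The start time comes from the server's session, never from the client.
    $started = $session['started'][$game] ?? null;
    if (!is_int($started) || $now < $started) {
        return [false, 'no game in progress for this session'];
    }
    // Plausibility bound: the score cannot exceed what the elapsed time allows.
    if ($score > ($now - $started) * MAX_POINTS_PER_SECOND) {
        return [false, 'score not reachable in elapsed time'];
    }
    return [true, ['game' => $game, 'score' => $score]];
}

// Constructed inputs: a session started 30 s before $now, one plausible POST
// and one edited in the browser console.
$session = ['started' => [20 => 1000]];
foreach ([['game' => '20', 'score' => '45'], ['game' => '20', 'score' => '99999']] as $post) {
    [$ok, $detail] = check_submission($post, $session, 1030);
    echo $post['score'], ' => ', $ok ? 'accepted' : "rejected: $detail", PHP_EOL;
}
```

The check bounds what a client can claim rather than proving the score is genuine. It runs on the server because anything computed in the browser, including an encrypted value, can be reproduced by the user with the same page code.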