1 (edited by Gurthgor 2010-10-16 7:19:54 PM)

Topic: Onkeyup listener, xajax and security

I have made a xajax function that is called every time the user activates the onkey event, but if the user chooses to press keys very fast the server is overloaded.
I read the onkey tutorial on preventing a xajax function from being called for a certain time, http://www.xajax-project.org/en/docs-tu … buffering/, but I am not sure whether this will be secure, as it can probably be hacked with JavaScript injection, just setting a different, very low buffer time if the user wants to burden the server, and it will also give unwanted and unexpected results.
Another method I found was to only allow the xajax function to be called if a certain variable is 0, giving that variable the value 1 after calling the xajax function and, in the xajax function, setting the value back to 0 right at the end of the script. It worked, but I am not sure whether it is secure either. I am not an expert in security, but I know that with JavaScript injection at least variable values can be changed, and I am not sure whether, for instance, a while loop could be injected that sets a variable to 0 all the time.
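
An added example, not part of the original post and not xajax project code: the two client-side approaches described above (buffer timer and busy flag) combined, with the flag reset in the browser callback so a failed request cannot leave it stuck. The timer and flag live in the browser, where the user can change them, so the same interval is checked again on the server. `makeKeyupHandler`, `send`, `serverAllows` and the `session` object are hypothetical names, and the server check is written in JavaScript only to keep the example in one language; with xajax it would sit in the PHP function.

```javascript
// Client side. `send(value, done)` is a hypothetical stand-in for the xajax
// call; it must invoke done() when the request completes OR fails.
function makeKeyupHandler(send, delayMs, timers = globalThis) {
  let timer = null;   // pending buffer timer (the tutorial's buffering idea)
  let busy = false;   // true while a request is in flight (the 0/1 variable)
  let queued = null;  // latest value typed while a request was in flight

  function fire(value) {
    busy = true;
    send(value, function done() {
      busy = false;   // reset here, not only from the server's response
      if (queued !== null) {
        const next = queued;
        queued = null;
        fire(next);   // send only the most recent text, once
      }
    });
  }

  return function onKeyup(value) {
    // Restart the buffer on every key press: only a pause in typing sends.
    if (timer !== null) timers.clearTimeout(timer);
    timer = timers.setTimeout(function () {
      timer = null;
      if (busy) {
        queued = value;  // remember it, do not start a second request
      } else {
        fire(value);
      }
    }, delayMs);
  };
}

// Server side. The client values above only reduce accidental load; the
// limit that counts is the one applied where the user cannot edit it.
// `session` is a per-user object kept by the server (constructed here).
function serverAllows(session, nowMs, minIntervalMs) {
  if (session.lastCall !== undefined &&
      nowMs - session.lastCall < minIntervalMs) {
    return false;        // too soon: skip the expensive work
  }
  session.lastCall = nowMs;
  return true;
}
```

In the page, the handler would be attached with something like `input.onkeyup = function () { handler(input.value); }`, and the server function would return early whenever `serverAllows` is false.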