php - Send data sensitive data to javascript -
i have code:
<input type="button" value="delete group" class="followbt" name="delete" onclick="deletegroupdialog(' . $group_row['ngroup'] . ');"> the field 'ngroup' group number want delete, , passing javascript function opens jquery dialog window in order ask if user of doing, problem can go on browser , edit number , go delete group (that belongs him).
i have made search didn't find anything, there way pass argument more securely?
ps: when show dialog window don't want reload page make server request.
your client-side code should never final word on user allowed do; that's server's job. client-side gatekeeping purely there ux, guide user doing they're allowed , guide them away they're not allowed do.
yes, client can indeed go in , edit things, or custom-craft http messages send server. that's why server needs gatekeeper. way, don't care if user hand-edits group number: if they're allowed delete group, can delete (through ui or nefarious means); if aren't, can't, no matter how client-side trickery try.
Comments
Post a Comment