This question already has an answer here:
- Users can change html code to delete what they want 2 answers
- HTML hidden input shouldn't be editable 6 answers
- Prevent URL editing by users to restrict access to server's resources 1 answer
- Input form with hidden field how to secure it 3 answers
- How do I prevent others from sending their own data to my php page? 5 answers
I am creating an application using JavaScript and PHP.
I post my data to a PHP file and then the PHP file insert my data into the MySQL database.
All good but I have some doubts about security because my dom can be easily manipulated using the browser.
For example my code like below
var req = {
method: 'POST',
url: 'phpfile/send_message.php',
headers: {
'Content-Type': undefined
},
data: {
"UserId": UserId,
"Message": Message,
...
..
}
};
$http(req).then(function successCallback(response) {
//Do Something
}, function errorCallback(response) {
//Do Something
});
anyone can put a breakpoint in this code and easily can change the UserId, therefore, the message sends to another user.
Ok, I know I can minify my Script but I think this is not enough. If someone wants to change data, he can find the code easily.
Is there any way to prevent this? Any information you can provide me would be greatly appreciated.
</div>