I have coded some JavaScript to perform an ajax call in an asp.net application. This triggers a method that calls a URL, sending some parameters in the POST.
The receiving page processes the data and updates our database.
We will be providing this code to customers to allow them to send us the data we need in their checkout process for each transaction.
Can anyone tell me if there is a way to prevent unauthorized access to this URL? Otherwise an unscrupulous developer could use this URL to add data to our database when they shouldn't be.
Thanks for any pointers.
The issue here is that I will be providing the code to our customers and they will be adding it to their website. So I don't have the option of them performing anything much more complex than adding a few lines of code to their site.
The code though, needs to perform a sending of data to our server, somehow securely?
Is this an impossible scenario or would I need to perform some sort of auditing after the processing has occurred?
Thank you everyone for some good suggestions.
See Question&Answers more detail:os