Safe submission of data
Posted: 08 Oct 2009, 17:28
I'm working on a MOD that will allow people to rank posts:
[img]http://img207.imageshack.us/img207/7137/modss.png[/img]
(NOTE: It will be prettier when I'm done).
Now, I need to add a row to the new 'vote' table when you click on the appropriate link. What's the best way to safely send this data to the file that will actually do the upload? If I just use a regular link than I am susceptible to CSRF. But if I use a POST form, people could still edit that data on their end, and then POST it.
What do you guys think I should do?
[img]http://img207.imageshack.us/img207/7137/modss.png[/img]
(NOTE: It will be prettier when I'm done).
Now, I need to add a row to the new 'vote' table when you click on the appropriate link. What's the best way to safely send this data to the file that will actually do the upload? If I just use a regular link than I am susceptible to CSRF. But if I use a POST form, people could still edit that data on their end, and then POST it.
What do you guys think I should do?