Preventing users hijacking ajax calls?
I am building a user-based online application using jQuery, and I am concerned about the possibility of users being able to hijack my ajax functions. I'm sure there is a standard way of dealing with this, but I don't know what it is. I'm hoping one of you can tell me... ;-)
For example, if users are logged in, and want to send an instant message to each other, they can use a simple messaging system. An ajax call passes their message to a back-end handler script, like so:
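    // Client-side call as described: the sender ID is supplied by the browser.
    $.ajax({
        type: "POST",
        url: "back-end-handler.php",
        // Passing an object lets jQuery URL-encode each value, so a message
        // containing "&" or "=" no longer corrupts the request body.
        data: { from: FROM_ID, to: TO_ID, message: MSG },
        success: function (msg) {
            alert("Message Sent: " + msg);
        }
    });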
Now what's to stop a tech-savvy user intercepting the form data and changing the FROM_ID to someone else's ID, to spoof that this message came from someone else?
Any help is greatly appreciated!
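Added example, not part of the original post: one way a server can close the gap described in the question is to take the sender from the authenticated session and never from the POSTed `from` field. It is written in JavaScript to match the snippet above; the session store, user IDs, function name and the 2000-character limit are constructed assumptions.

```javascript
// Constructed server-side state: session id (from the login cookie) -> user.
const sessions = new Map([
  ["sid-alice-constructed", { userId: 101 }],
  ["sid-bob-constructed", { userId: 202 }],
]);
const knownUsers = new Set([101, 202, 303]);
const MAX_MESSAGE_LENGTH = 2000; // assumed limit for this example

// request = { sessionId, body }, where body is the parsed POST form data.
// handleSendMessage is a hypothetical name for the back-end handler logic.
function handleSendMessage(request) {
  const session = sessions.get(request.sessionId);
  if (!session) {
    return { status: 401, error: "not logged in" };
  }
  const body = request.body || {};

  // The sender always comes from the server-side session.
  const from = session.userId;

  // A client-supplied "from" that disagrees with the session is a tampering
  // signal: reject it and return enough detail for the caller to log it.
  if (body.from !== undefined && Number(body.from) !== from) {
    return { status: 403, error: "sender mismatch", claimed: String(body.from), actual: from };
  }

  // Everything else from the client is validated before use.
  const to = Number(body.to);
  if (!Number.isInteger(to) || !knownUsers.has(to)) {
    return { status: 400, error: "unknown recipient" };
  }
  const message = typeof body.message === "string" ? body.message.trim() : "";
  if (message.length === 0 || message.length > MAX_MESSAGE_LENGTH) {
    return { status: 400, error: "invalid message" };
  }
  return { status: 200, stored: { from, to, message } };
}
```

With this shape the client no longer needs to send `from` at all; a PHP handler would read the same value from its server-side session data.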