Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community!

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial


Calling a PHP Method with AJAX, secure or not?

Hello, i want to make a bit efficient website and load all pages into a container with AJAX. I can do it in two ways (atleast 2 ways that make sense to me). First way would be loading an AJAX with a method inside, for example "Online Users". The page would be loaded with AJAX and inside the page, i would use a method to show all the Users. The second way, would be to make a AJAX call and get a JSON string and encode it via Javascript and loop out the whole array of users. I guess passing the JSON made by PHP and encoding it in the Frontend would be the most efficient way right?

I read about "Protocol Buffer" but i have no idea how to install it on my Webhost nor how to use it.

1 Answer

Hey Damian,

What you are asking can be secure, however to secure you will need to think of some basic web security. For example, when you make the AJAX call to fetch the users; you want to secure that request. Most front-end frameworks will say JSON and having JS print to page would be efficient. Using an standard with JSON also allows you to be flexible with the backend.

Should the the user information by private, ie only visible to other logged in users? If so then how will we authentication and then authorize them to fetch the users over AJAX? Could someone exploit our authentication? Should we use once time numbers or tokens, etc.