I'm creating a Twitter/Reddit style website. I've been wondering what is the best way to securely send the in-depth details of comment data via a reply button press, grabbing it in JS and sending it back to my database

If there are 100 comments with 100 reply buttons, can I store the comment ID in the value field of the button or is this too open? My feelings are that even if users know the ID values of the comment they reply to, anyone that attempts to abuse a system with spam would get automatically limited or banned via server side detection.

Note that on the server side, a user already has a session so spam should be quite visible... right?

I've seen the option to use type="hidden", eg: but it seems this can be pulled with a little jquery anyway. Thoughts?

Thanks.

CodePudding user response：

Yes you are right. According to me you can do one thing convert the each comment id into an unique hash then add that value in the button field and while submitting the reply convert that unique hash into the id in the server side only and if id not matched then consider it as a spam and send internal server error message.

CodePudding user response：

There are a few options you could consider to securely send the in-depth details of comment data via a reply button press:

1. Use a unique identifier for each comment, such as a UUID, and store this in the value field of the reply button. This would prevent users from easily guessing the comment ID values, and would also make it more difficult for someone to abuse the system with spam.
2. Use an encrypted token to securely transmit the comment data from the front-end to the back-end. This would make it virtually impossible for anyone to intercept and access the data without the correct decryption key.
3. Implement server-side validation and spam detection to automatically limit or ban users who attempt to abuse the system. This would help ensure that only legitimate comments are posted, and would make it easier to identify and block spamming attempts.

Overall, it's important to consider both security and user experience when designing your reply button functionality. By implementing a combination of the above approaches, you can ensure that your users can easily engage with the comments on your site while protecting their data from unauthorized access.