This is a bit of a loaded question, but what precautions can be taken to make sure AJAX requests are more secure. An example would be a reddit style voting system where users either up-vote or down-vote an article or comment.
I need to make sure bots or users can't make more than a certain amount of requests during a time period and voting URLs can't be guessed (to thawte bots).
I did have a look at similar questions, but the ones I checked did not answer the concerns I have above.
If there anything else that I should be aware of, then please mention it.
Use session and IP logging technique. Like from a particular IP how many votes can be done in one day (or period of time ). You can valid IP and session at server side. You can also o/p your js using any server side language to insert some secure (random digits ). Like as we do to avoid Form spoofing.
Ajax security is not different from synchronous form submit security.
Are your users going to be logged into your website? (I'm the one geek in the world who doesn't read reddit, so I don't know how that works.
If they're logged in, you should be able to read their credentials in your web service, and track how many votes they've made. And if they're not logged in, then just reject their vote altogether.