jQuery ajax security

Backend · Unresolved · 3 answers · 1402 views
星月不相逢, 2021-01-21 17:49

I have the following ajax call which checks to see if the user is a paid member; if yes, it runs certain functions accordingly. This works but I'm concerned about security. What

3 answers
  •  野性不改
    2021-01-21 18:16

    If you're performing security checks like this client-side then there's nothing to stop the clients either modifying the Ajax URL (to return 'paid'), or just bypassing your JavaScript with their debugger to do what they want by jumping to your '//grant access and run some functions' section.

    Let them perform those actions client-side if they wish, but always have a check in place server-side when the data is sent back, before it is processed and stored in the database, or attempts to empty someone's bank account or such; the server-side validation checks are the only validation checks you can trust.

    Never trust clients.

    edit: jfriend00's answer is better :).
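The point of the answer above in code, as an added example that is not part of the original post or answer: a request handler that trusts a `paid` flag posted back by the browser beside one that ignores the client and re-derives membership from the session cookie and the server's own records. The member table, session store, `premiumReport` function and the field names are assumptions made up for this demonstration; the "request" objects are constructed inline so the file runs offline under Node.

```javascript
// Added example (not from the original post): why a membership result
// decided client-side cannot be trusted, and what the server-side check
// looks like. MEMBERS, SESSIONS, premiumReport and the request field
// names are hypothetical names for this demo.

// Constructed server-side data: who actually paid. In a real application
// this is the database; the point is that only the server can read it.
const MEMBERS = {
  alice: { paid: true },
  bob: { paid: false },
};

// Constructed session store: opaque session id -> authenticated user.
// The server set this cookie at login; the client cannot forge a mapping.
const SESSIONS = {
  'sess-alice': 'alice',
  'sess-bob': 'bob',
};

// The privileged operation that should only run for paid members.
function premiumReport(user) {
  return `premium report for ${user}`;
}

// VULNERABLE: trusts the membership result the client posted back.
// Anyone can run `$.post('/api/report', { user: 'x', paid: 'yes' })`
// from the browser console and get the report regardless of payment.
function handleReportTrustingClient(req) {
  if (req.body.paid === 'yes') {
    return { status: 200, body: premiumReport(req.body.user) };
  }
  return { status: 403, body: 'members only' };
}

// HARDENED: ignores anything the client says about membership and
// re-derives it from the session cookie plus the server's own records.
function handleReportServerChecked(req) {
  const user = SESSIONS[req.cookies.sid];
  if (!user) {
    return { status: 401, body: 'not logged in' };
  }
  if (!MEMBERS[user] || !MEMBERS[user].paid) {
    return { status: 403, body: 'members only' };
  }
  return { status: 200, body: premiumReport(user) };
}

// Constructed attack: bob (unpaid) is logged in as himself but edits the
// posted fields in his dev tools, exactly the tampering the answer warns about.
function tamperedRequestFromBob() {
  return {
    cookies: { sid: 'sess-bob' },
    body: { user: 'alice', paid: 'yes' }, // forged client-side "check"
  };
}

// Runs the same tampered request through both handlers.
// Returns { trusting: 200, serverChecked: 403 }.
function demo() {
  const req = tamperedRequestFromBob();
  return {
    trusting: handleReportTrustingClient(req).status,
    serverChecked: handleReportServerChecked(req).status,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The client-side jQuery check can stay for user experience (hiding buttons, skipping a round trip), but the server handler must decide access from state the client cannot edit, as `handleReportServerChecked` does.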
