Question

I am using an AJAX request to retrieve and display data from my database.

$("#flexitopicresults").flexigrid(
{
    url: 'venuequery-json.php',
    dataType: 'json',
    colModel : [ (..)
    (..)
}

venuequery-json.php obviously delivers a nice JSON-formatted version of the data contained in my database to the grid component. The problem is: how can I prevent others from calling the .php file directly and then getting a ready-to-use dump of the content of my database (PHP, MySQL)?


Solution

Use the same method you are currently using to secure the page that fetches the data to secure the AJAX one (authentication via cookies or session or htaccess or whatever). You obviously trust that method enough to send it in the first place.

Other tips

You can initialize a session variable in the AJAX-requesting page and then check it in 'venuequery-json.php'. After the checking process, you can renew the session variable. So users must request the AJAX-requesting page first. Furthermore, you can limit requests per time for 'venuequery-json.php' by using sessions again.
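
One way to combine both answers at the top of venuequery-json.php, as an added example that is not part of the original posts. The session keys `user_id`, `grid_token` and `grid_hits`, the `token` POST field, the `X-Grid-Token` response header and the limits are assumptions.

```php
<?php
// Added example for venuequery-json.php: key names and limits are assumptions.
declare(strict_types=1);

const MAX_REQUESTS = 30;    // assumed: requests allowed per window
const WINDOW_SECONDS = 60;  // assumed: window length

/** Returns an HTTP status: 200 to proceed, 401/403/429 to refuse. */
function gate_request(array &$session, string $sentToken, int $now): int
{
    // 1. Same login check as the page that hosts the grid (assumed key: user_id).
    if (empty($session['user_id'])) {
        return 401;
    }
    // 2. Token the grid page stored in the session when it was rendered.
    $expected = $session['grid_token'] ?? '';
    if ($expected === '' || !hash_equals($expected, $sentToken)) {
        return 403;
    }
    // 3. Sliding-window rate limit kept in the session.
    $recent = array_values(array_filter(
        $session['grid_hits'] ?? [],
        fn (int $t): bool => $t > $now - WINDOW_SECONDS
    ));
    if (count($recent) >= MAX_REQUESTS) {
        $session['grid_hits'] = $recent;
        return 429;
    }
    $recent[] = $now;
    $session['grid_hits'] = $recent;
    // 4. Renew the token so the old value cannot be replayed.
    $session['grid_token'] = bin2hex(random_bytes(32));
    return 200;
}

session_start();
$status = gate_request($_SESSION, (string) ($_POST['token'] ?? ''), time());
header('Content-Type: application/json');
if ($status !== 200) {
    http_response_code($status);
    echo json_encode(['error' => 'request refused']);
    exit;
}
// Hand the renewed token back so the grid can send it with its next request.
header('X-Grid-Token: ' . $_SESSION['grid_token']);
// The existing query and JSON output of venuequery-json.php follow from here.
```

The page that renders the grid has to set `$_SESSION['grid_token']` to a random value and pass it to the grid as the `token` field. A client that discards its session cookie to escape the rate limit is stopped by the login check in step 1.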

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow