  1. #1
    SitePoint Zealot

    Ajax and Security

    If my Ajax is set up like
    html <---> ajax(js) <---> server(php)
    it would be easy for someone to copy the HTML and JavaScript pages to their site and then access my server pages. I don't suppose it matters much if someone did that, as long as the PHP page had proper validation, but is it possible to block someone linking to my server pages like that?

  2. #2
    SitePoint Addict jtrelfa
    You can verify in your PHP script that the "referring" domain is the same domain that your PHP script is hosted on.
    var me = null;

  3. #3
    SitePoint Zealot
    But isn't it easy to "spoof" the HTTP referrer?

  4. #4
    SitePoint Addict jtrelfa
    Yes and no. Cross site scripting is a security violation in all modern browsers. You can't have http://www.example.com/xhr.js call data from http://www.differentexample.com/file.php. It isn't allowed.

    Maybe I'm not fully understanding your question?
    var me = null;

  5. #5
    SitePoint Zealot
    Thanks for that. No... you did answer my question.
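
The referrer check suggested in post #2, together with the spoofing concern raised in post #3, as an added PHP example that is not code from the thread. The host `www.example.com`, the `X-Ajax-Token` header and the `ajax_token` session key are assumptions chosen for illustration.

```php
<?php
// Added example, not code from the thread. ALLOWED_HOST, the X-Ajax-Token
// header and the 'ajax_token' session key are assumed names.
declare(strict_types=1);

const ALLOWED_HOST = 'www.example.com'; // assumed: the site's own host

/** Host named by the Origin header, else by the Referer header, else null. */
function claimed_source_host(array $server): ?string
{
    foreach (['HTTP_ORIGIN', 'HTTP_REFERER'] as $key) {
        if (!empty($server[$key])) {
            $host = parse_url($server[$key], PHP_URL_HOST);
            return is_string($host) ? strtolower($host) : null;
        }
    }
    return null; // neither header sent (some browsers and proxies omit them)
}

/**
 * Decide whether to serve an Ajax request.
 * Origin and Referer are supplied by the client. A browser sets them itself,
 * but a non-browser HTTP client can send any value, so this check only
 * filters browser traffic coming from other sites. The token ties the call
 * to a session that loaded the real page; input validation is still needed.
 */
function ajax_request_allowed(array $server, array $session): bool
{
    if (claimed_source_host($server) !== ALLOWED_HOST) {
        return false; // missing or foreign Origin/Referer
    }
    $sent = $server['HTTP_X_AJAX_TOKEN'] ?? '';
    $expected = $session['ajax_token'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent); // constant-time comparison
}

// The page that serves the HTML is assumed to have stored the token first:
//   $_SESSION['ajax_token'] = bin2hex(random_bytes(32));
// and passed it to the JavaScript, which sends it back as X-Ajax-Token.
if (PHP_SAPI !== 'cli') {
    session_start();
    if (!ajax_request_allowed($_SERVER, $_SESSION)) {
        http_response_code(403);
        exit('Forbidden');
    }
    header('Content-Type: application/json');
    echo json_encode(['ok' => true]);
}
```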

