Hello all,

I've been building a widget for a site of mine that is ajax powered. Everytime a user clicks, the requested data is returned. Very simple.

My question is if someone were to clone my ajax request to the server.. they could easily just retrieve that data my script returns and use it in one of their own scripts, correct?

If so, then how can i prevent this type of thing from happening? because even if i send and retrieve tokens with every request. That other persons script could just be coded to handle that as well.

I'm baffled.