Arne-Kolja Bachstein-2 wrote: > > do you have any ideas how I could secure my php files against direct > calls of the functions an ajax script calls? For example if I let my > AJAX script send a request to foo.php and foo.php returns a line of code > the AJAX script usually writes onto my site, how can I avoid that these > calls are submitted from outside/other sites can read these calls results. >
Checking the referrer in the HTTP header is about as much as you can do, although of course this can be faked by individual users. This approach will prevent other sites using your AJAX service however, as they would be unlikely to be able to fake the referrer provided by their users, which of course you can detect and then refuse to serve data. -- View this message in context: http://www.nabble.com/Securing-AJAX-PHP-against-direct-calls--tf3173953.html#a8805171 Sent from the JQuery mailing list archive at Nabble.com. _______________________________________________ jQuery mailing list [email protected] http://jquery.com/discuss/
