Nandi: I didn't know that, thanks for the info. Yes, a quickly expiring hash would be a very good protection against this.
arne: The referrer is correct, and is the page that calls it, not the JS file itself. Get Firefox + Firebug to see this in action on your favourite AJAX-powered site - expand the relevant part on the console tab and you'll see the request and response headers. -- View this message in context: http://www.nabble.com/Securing-AJAX-PHP-against-direct-calls--tf3173953.html#a8805459 Sent from the JQuery mailing list archive at Nabble.com. _______________________________________________ jQuery mailing list [email protected] http://jquery.com/discuss/
