On 12/03/07, Mikael Noone <[EMAIL PROTECTED]> wrote: > I dont think that using javascript for security will solve the problem, try > using php instead. > Since javascript is run from the client, it can be manipulated easily. > > Kindest Regards, Mikael.
It is using PHP (or ASP.NET, CF etc). The key is generated on the server and sent to the client for use within the request. They key will change frequently (as it could be generated by a combination of website address, ip, session id, time etc) - i.e. different for each session. If the user copied the JavaScript and put it on their own domain, it would no longer work (as the key will then be invalid). i.e. <?php if ($_SESSION['ajaxKey'] == $_POST['ajaxKey']) doStuff(); else denyAccess(); ?> > > > On 3/12/07, Sam Collett <[EMAIL PROTECTED]> wrote: > > > > On 11/03/07, JQuery - SimDigital <[EMAIL PROTECTED]> wrote: > > > I need to protect the data generated from my site, just allowing to > > > access authorized sites. > > > > > > Ex.: > > > Authorized Site1 > Allowed to access/include the file > > > http://www.mysite.com/business.php. > > > Authorized Site2 > Allowed to access/include the file > > > http://www.mysite.com/business.php. > > > Unregistered Site > Unallowed to access the file. It will return a blank > > > page. > > > > > > It need to be like google maps API, that don´t allow unregistered sites > > > to use the API if it isnt registered. > > > > > > I don´t know how to solve this. What path i need to follow? > > > > This may be a good place to start: > > > > http://devzone.zend.com/node/view/id/1616 > > > > It involves generating an Ajax key on your server, stored in a session > > variable and sent to the client (. e.g. > > > > myAjaxKey.php > > > > <?php > > $_SESSION['ajaxKey'] = md5(mktime()); > > ?> > > var ajaxKey = '<?php echo $_SESSION['ajaxKey']; ?>'; > > > > > > Web page: > > > > <script type="text/javascript" src="myAjaxKey.php"></script> > > <script type="text/javascript"> > > $.ajax({ > > type: "POST", > > url: "some.php", > > data: "name=John&location=Boston&ajaxKey=" + ajaxKey, > > success: function(msg){ > > alert( "Data Saved: " + msg ); > > } > > }); > > </script> > > > > _______________________________________________ > > jQuery mailing list > > discuss@jquery.com > > http://jquery.com/discuss/ > > > > > _______________________________________________ > jQuery mailing list > discuss@jquery.com > http://jquery.com/discuss/ > > _______________________________________________ jQuery mailing list discuss@jquery.com http://jquery.com/discuss/
