On Feb 24, 8:46 am, samhail <[email protected]> wrote: > > What i would like is if someone visited the PHP file (that outputs the > XML data) directly that they will not be able to see the XML returned. > > I found the code below, which looks perfect, in the PHP file - but it > doesnt work. $_SERVER['REMOTE_ADDR'] always returns my IP address > rather than the IP of the server.
That's because the request is coming from the client, not the server. You probably need to examine the Referer header, $_SERVER['HTTP_REFERER']. That will go some way to ensuring that the request is generated by your web page. *But* be aware that headers are reasonably easily spoofed, and anyone with a debugger like Firebug will be able to see and copy your XML file from within the browser very easily. Cookies are a (slightly) more secure way of ensuring the origin of a request, but do nothing to protect your data from debug tools. Once you publish your data, it's outside your control. Security of data is outside the scope of a Group dedicated to using the Maps API. http://www.google.com/search?q=%22securing+data+on+the+web%22 -- You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-maps-api?hl=en.
