To close off this thread,
I have implemented this below:

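if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] !== '[Calling webpage URL]') {
    header("Location: /"); // no Referer, or not the calling page: send the visitor to the site root
    exit;
}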

That will block the PHP XML script.

Going to the next stage, I did the same thing with my JavaScript file:
I created a PHP file, echoed the entire thing, and put that line
above.
So if anyone visits my .js or .php that outputs the XML, they will be
redirected.

As Andrew said, Firebug can see everything, but I'm happy with this
level of security.

On Feb 24, 2:57 pm, samhail <[email protected]> wrote:
> OK Thanks for the reply.
>
> On Feb 24, 10:34 am, Andrew Leach <[email protected]>
> wrote:
>
> > On Feb 24, 8:46 am, samhail <[email protected]> wrote:
>
> > > What I would like is if someone visited the PHP file (that outputs the
> > > XML data) directly that they will not be able to see the XML returned.
>
> > > I found the code below, which looks perfect, in the PHP file - but it
> > > doesn't work. $_SERVER['REMOTE_ADDR'] always returns my IP address
> > > rather than the IP of the server.
>
> > That's because the request is coming from the client, not the server.
>
> > You probably need to examine the Referer header,
> > $_SERVER['HTTP_REFERER']. That will go some way to ensuring that the
> > request is generated by your web page. *But* be aware that headers are
> > reasonably easily spoofed, and anyone with a debugger like Firebug
> > will be able to see and copy your XML file from within the browser
> > very easily. Cookies are a (slightly) more secure way of ensuring the
> > origin of a request, but do nothing to protect your data from debug
> > tools. Once you publish your data, it's outside your control.
>
> > Security of data is outside the scope of a Group dedicated to using
> > the Maps API. http://www.google.com/search?q=%22securing+data+on+the+web%22
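
The cookie-based check mentioned in the quoted reply, as an added example that is not code from the thread: the page stores a random token in a PHP session and the XML output is served only when the request carries both the session cookie and that token. It assumes PHP 7 or later; the `xml_token` session key, the `xml` and `token` parameters and the `demo.php` file name are hypothetical, and the marker data is constructed. As the reply notes, this does not hide the XML from anyone who loads the page and opens a debugger.

```php
<?php
// Added example, not from the thread. Single-file demo; run with:
//   php -S 127.0.0.1:8000 demo.php
// 'xml_token', ?xml and ?token are hypothetical names chosen for this demo.
session_start(); // sets the session cookie that the check below relies on

if (isset($_GET['xml'])) {
    // --- the script that outputs the XML ---
    $expected = $_SESSION['xml_token'] ?? '';
    $supplied = $_GET['token'] ?? '';
    // Reject when this browser never loaded the page (no token in the session)
    // or when the supplied token is missing, not a string, or different.
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        http_response_code(403);
        exit;
    }
    header('Content-Type: text/xml; charset=utf-8');
    // Constructed sample data standing in for the real XML output.
    echo '<?xml version="1.0"?><markers><marker lat="0" lng="0"/></markers>';
    exit;
}

// --- the calling web page ---
if (empty($_SESSION['xml_token'])) {
    // One unpredictable token per session, generated server-side.
    $_SESSION['xml_token'] = bin2hex(random_bytes(16));
}
$url = '?xml=1&token=' . urlencode($_SESSION['xml_token']);
?>
<!DOCTYPE html>
<html><body>
<pre id="out"></pre>
<script>
// The page requests the XML with its token; the browser sends the session cookie.
fetch(<?= json_encode($url) ?>)
  .then(function (r) { return r.text(); })
  .then(function (t) { document.getElementById('out').textContent = t; });
</script>
</body></html>
```

Requesting `?xml=1` without first loading the page, or with a token from a different session, returns 403 instead of a redirect.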
