Sorry... Thanks Andrew.
On Feb 25, 9:26 am, samhail <[email protected]> wrote: > To close off this thread > i have implemented this below: > > if ($_SERVER['HTTP_REFERER'] !== '[Calling webpage URL]') > die(header("Location: /")); > > that will block the PHP XML script script. > > Going the next stage, i did the same thing with my javascript file. > created a PHP file, and echo'd the entire thing, and put that line > above. > So if anyone visits my .js or .php that outputs the XML, they will be > redirected. > > As andrew said, firebug can see everything, but im happy with this > level of security. > > On Feb 24, 2:57 pm, samhail <[email protected]> wrote: > > > OK Thanks for the reply. > > > On Feb 24, 10:34 am, Andrew Leach <[email protected]> > > wrote: > > > > On Feb 24, 8:46 am, samhail <[email protected]> wrote: > > > > > What i would like is if someone visited the PHP file (that outputs the > > > > XML data) directly that they will not be able to see the XML returned. > > > > > I found the code below, which looks perfect, in the PHP file - but it > > > > doesnt work. $_SERVER['REMOTE_ADDR'] always returns my IP address > > > > rather than the IP of the server. > > > > That's because the request is coming from the client, not the server. > > > > You probably need to examine the Referer header, > > > $_SERVER['HTTP_REFERER']. That will go some way to ensuring that the > > > request is generated by your web page. *But* be aware that headers are > > > reasonably easily spoofed, and anyone with a debugger like Firebug > > > will be able to see and copy your XML file from within the browser > > > very easily. Cookies are a (slightly) more secure way of ensuring the > > > origin of a request, but do nothing to protect your data from debug > > > tools. Once you publish your data, it's outside your control. > > > > Security of data is outside the scope of a Group dedicated to using > > > the Maps API.http://www.google.com/search?q=%22securing+data+on+the+web%22 -- You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-maps-api?hl=en.
