Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data?

2007-05-13 Thread Richard Lynch
On Thu, May 10, 2007 10:18 pm, Daevid Vincent wrote: Like most sites, someone needs to join up to use mine. Errr. To be pedantic, I don't think most sites require registration, actually... :-) I'm not saying it's bad or anything, just that there's still way more HTML pages out there with free

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data? [solved]

2007-05-13 Thread Richard Lynch
On Fri, May 11, 2007 9:59 pm, [EMAIL PROTECTED] wrote: Set ajaxObject.setRequestHeader("User-Agent", "SecretName"); in Javascript and check for it in PHP. Not fool-proof, but the average person wouldn't be able to get in. Unless the user View Source and read your AJAX code... This is not going to

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data? [solved]

2007-05-13 Thread Stut
Richard Lynch wrote: On Fri, May 11, 2007 9:59 pm, [EMAIL PROTECTED] wrote: Set ajaxObject.setRequestHeader("User-Agent", "SecretName"); in Javascript and check for it in PHP. Not fool-proof, but the average person wouldn't be able to get in. Unless the user View Source and read your AJAX code...

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data? [solved]

2007-05-12 Thread Robert Cummings
On Fri, 2007-05-11 at 22:12 -0700, [EMAIL PROTECTED] wrote: I don't see you giving a solution. The solution is the same as for any session in which you want to protect data. It hardly needs covering yet again. Read the archives. Cheers, Rob. On 5/11/07, Robert Cummings [EMAIL PROTECTED]

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data? [solved]

2007-05-11 Thread Crayon Shin Chan
On Friday 11 May 2007 12:45, Robert Cummings wrote: On Thu, 2007-05-10 at 21:23 -0700, Daevid Vincent wrote: Thanks for the suggestion and concern. Fear not, I'm a PHP Guru as mentioned. A Guru would have spent 60 seconds testing to see if the session_start() scenario worked BEFORE posting

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data? [solved]

2007-05-11 Thread clive
Robert Cummings wrote: A Guru would have spent 60 seconds testing to see if the session_start() scenario worked BEFORE posting to the list :B /me was thinking the same -- Regards, Clive. Real Time Travel Connections {No electrons were harmed in the creation, transmission or reading of

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data?

2007-05-11 Thread Rangel Reale
I would also like to know how people are dealing with this, how do you make sure people don't steal your data, sometimes it can be something simple like state names, but sometimes it can be your entire user/email database, who knows? And OF COURSE he is not passing a query on the url, a dumb

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data?

2007-05-11 Thread Robert Cummings
On Fri, 2007-05-11 at 09:01 -0300, Rangel Reale wrote: I would also like to know how people are dealing with this, how do you make sure people don't steal your data, sometimes it can be something simple like state names, but sometimes it can be your entire user/email database, who knows?

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data?

2007-05-11 Thread Eric Butera
On 5/10/07, Daevid Vincent [EMAIL PROTECTED] wrote: I'm a PHP guru Then this question shouldn't have been asked. :)

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data? [solved]

2007-05-11 Thread heavyccasey
Set ajaxObject.setRequestHeader("User-Agent", "SecretName"); in Javascript and check for it in PHP. Not fool-proof, but the average person wouldn't be able to get in. On 5/11/07, clive [EMAIL PROTECTED] wrote: Robert Cummings wrote: A Guru would have spent 60 seconds testing to see if the

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data? [solved]

2007-05-11 Thread Robert Cummings
On Fri, 2007-05-11 at 19:59 -0700, [EMAIL PROTECTED] wrote: Set ajaxObject.setRequestHeader("User-Agent", "SecretName"); in Javascript and check for it in PHP. Not fool-proof, but the average person wouldn't be able to get in. Bleh, do it right. Don't settle for half-assed solutions that rely on

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data? [solved]

2007-05-11 Thread heavyccasey
I don't see you giving a solution. On 5/11/07, Robert Cummings [EMAIL PROTECTED] wrote: On Fri, 2007-05-11 at 19:59 -0700, [EMAIL PROTECTED] wrote: Set ajaxObject.setRequestHeader("User-Agent", "SecretName"); in Javascript and check for it in PHP. Not fool-proof, but the average person wouldn't

[PHP] What is the best way to protect the PHP page that returns the AJAX data?

2007-05-10 Thread Daevid Vincent
Like most sites, someone needs to join up to use mine. I'm using a wee-bit-o-AJAX to pull some results from a database and display them dynamically. For the AJAX to work, it has to hit a script that's accessible from the htdocs tree right? Effectively it's just a (JavaScript initiated) GET

Re: [PHP] What is the best way to protect the PHP page that returns the AJAX data?

2007-05-10 Thread heavyccasey
That's a humongous, humongous security risk there. What if someone goes http://example.com/gimmedata.php?query=DROP DATABASE hi? Unless I misunderstood. A better way would be in the script: switch ($_GET['query']) { case "fetch": $dbquery = 'SELECT stuff FROM stuff'; break; case "eatsnacks":

RE: [PHP] What is the best way to protect the PHP page that returns the AJAX data? [solved]

2007-05-10 Thread Daevid Vincent
Thanks for the suggestion and concern. Fear not, I'm a PHP Guru as mentioned. I never said that I execute the code directly like that. Perhaps my query keyname was a bit misleading. Would http://example.com/gimmedata.php?id=3&foo=bar&map=on have been more clear? I also am not so silly as to run

RE: [PHP] What is the best way to protect the PHP page that returns the AJAX data? [solved]

2007-05-10 Thread Robert Cummings
On Thu, 2007-05-10 at 21:23 -0700, Daevid Vincent wrote: Thanks for the suggestion and concern. Fear not, I'm a PHP Guru as mentioned. A Guru would have spent 60 seconds testing to see if the session_start() scenario worked BEFORE posting to the list :B Cheers, Rob. --