JS creating search-output page, preventing hijacking
Posted: Thu Nov 18, 2004 4:42 am
I want to use JS to create my Search results / output page.
Technologies involved are Apache 1...., MySQL 4.0.18, PHP 5 (I think) and JavaScript
PHP is used to query the DB's and return the values that are sent as variables to JavaScript for array creation (out of them) and page creation, pagination .....
Because the JavaScipt is Client Side, can someone hijack this in a way to get php variables from the server and use them in their own search results creation - So they don't need their own search engine, but they can "steal" data from my DB, they just link to input page, and take var's on DB query finish.
This came as an idea - security problem, can this be realy done or am I just being paranoid. ( asking to know whether I need to create output page on the server and send it "completed" trough the web, or is this method safe enough)
Note - I'm relatively new to JS, so my knowledge is small but developing.

Technologies involved are Apache 1...., MySQL 4.0.18, PHP 5 (I think) and JavaScript
PHP is used to query the DB's and return the values that are sent as variables to JavaScript for array creation (out of them) and page creation, pagination .....
Because the JavaScipt is Client Side, can someone hijack this in a way to get php variables from the server and use them in their own search results creation - So they don't need their own search engine, but they can "steal" data from my DB, they just link to input page, and take var's on DB query finish.
This came as an idea - security problem, can this be realy done or am I just being paranoid. ( asking to know whether I need to create output page on the server and send it "completed" trough the web, or is this method safe enough)
Note - I'm relatively new to JS, so my knowledge is small but developing.