Page 1 of 1
Protecting my XML pages
Posted: Mon May 01, 2006 3:37 pm
by Cole22
I've written an AJAX application with pages that generate the required XML based on the $_GET variables passed to it and Javascript code which makes the required requests.
My problem is that right now, anyone calling the required URL eg.
http://mysite.com/getxml.php?id=1 can get at my XML feeds. How do I protect them so that only my site has access to it?
Thanks for the help
Posted: Mon May 01, 2006 3:52 pm
by Nathaniel
Are you saying so that only your javascript (AJAX program) has access to it?
I don't see how that would be possible...
Posted: Mon May 01, 2006 4:24 pm
by Sema
What data is in these xml files when you don't want the user to see them?
In my opinion, if you need clientside! JavaScript to access data, it can't be considered secure data, and therefore it should not be a problem if the user would see this xml file. Is it to stop a user from using the xml file in rss readers or on their own sites? Or are there some kind of "secret" data in the xml file you don't want the user to see?
Posted: Mon May 01, 2006 4:39 pm
by hawleyjr
You can check for a session before creating the xml files

Posted: Tue May 02, 2006 6:47 am
by Cole22
Or are there some kind of "secret" data in the xml file you don't want the user to see?
No, there's nothing secret.
Is it to stop a user from using the xml file in rss readers or on their own sites?
Yes, exactly that.
Posted: Tue May 02, 2006 6:53 am
by Cole22
I was hoping to get a simple solution like just checking the referrer header but that is easily spoofed, so sessions it is then. Thanks hawleyjr