Yeah, theres no real way to stop ajax requests from being send, as its very easy to get all of the information sent, and spoof anything that is verified.
On 2/5/07, halfer <[EMAIL PROTECTED]> wrote:
Nandi: I didn't know that, thanks for the info. Yes, a quickly expiring hash would be a very good protection against this. arne: The referrer is correct, and is the page that calls it, not the JS file itself. Get Firefox + Firebug to see this in action on your favourite AJAX-powered site - expand the relevant part on the console tab and you'll see the request and response headers. -- View this message in context: http://www.nabble.com/Securing-AJAX-PHP-against-direct-calls--tf3173953.html#a8805459 Sent from the JQuery mailing list archive at Nabble.com. _______________________________________________ jQuery mailing list discuss@jquery.com http://jquery.com/discuss/
_______________________________________________ jQuery mailing list discuss@jquery.com http://jquery.com/discuss/