Ok, that works fine if i want to protect my own site from use of my ajaxscript in another sites... As you describe, i will block every other site to use my script.
But as i say before, i want to allow some sites to use it. (some... not none and not all) Another suggest? Sam Collett escreveu: > On 12/03/07, Mikael Noone <[EMAIL PROTECTED]> wrote: > >> I dont think that using javascript for security will solve the problem, try >> using php instead. >> Since javascript is run from the client, it can be manipulated easily. >> >> Kindest Regards, Mikael. >> > > It is using PHP (or ASP.NET, CF etc). The key is generated on the > server and sent to the client for use within the request. They key > will change frequently (as it could be generated by a combination of > website address, ip, session id, time etc) - i.e. different for each > session. > > If the user copied the JavaScript and put it on their own domain, it > would no longer work (as the key will then be invalid). > > i.e. > > <?php > if ($_SESSION['ajaxKey'] == $_POST['ajaxKey']) doStuff(); > else denyAccess(); > ?> > > >> On 3/12/07, Sam Collett <[EMAIL PROTECTED]> wrote: >> >>> On 11/03/07, JQuery - SimDigital <[EMAIL PROTECTED]> wrote: >>> >>>> I need to protect the data generated from my site, just allowing to >>>> access authorized sites. >>>> >>>> Ex.: >>>> Authorized Site1 > Allowed to access/include the file >>>> http://www.mysite.com/business.php. >>>> Authorized Site2 > Allowed to access/include the file >>>> http://www.mysite.com/business.php. >>>> Unregistered Site > Unallowed to access the file. It will return a blank >>>> page. >>>> >>>> It need to be like google maps API, that don´t allow unregistered sites >>>> to use the API if it isnt registered. >>>> >>>> I don´t know how to solve this. What path i need to follow? >>>> >>> This may be a good place to start: >>> >>> http://devzone.zend.com/node/view/id/1616 >>> >>> It involves generating an Ajax key on your server, stored in a session >>> variable and sent to the client (. e.g. >>> >>> myAjaxKey.php >>> >>> <?php >>> $_SESSION['ajaxKey'] = md5(mktime()); >>> ?> >>> var ajaxKey = '<?php echo $_SESSION['ajaxKey']; ?>'; >>> >>> >>> Web page: >>> >>> <script type="text/javascript" src="myAjaxKey.php"></script> >>> <script type="text/javascript"> >>> $.ajax({ >>> type: "POST", >>> url: "some.php", >>> data: "name=John&location=Boston&ajaxKey=" + ajaxKey, >>> success: function(msg){ >>> alert( "Data Saved: " + msg ); >>> } >>> }); >>> </script> >>> >>> _______________________________________________ >>> jQuery mailing list >>> discuss@jquery.com >>> http://jquery.com/discuss/ >>> >>> >> _______________________________________________ >> jQuery mailing list >> discuss@jquery.com >> http://jquery.com/discuss/ >> >> >> > > _______________________________________________ > jQuery mailing list > discuss@jquery.com > http://jquery.com/discuss/ > > > > > _______________________________________________ jQuery mailing list discuss@jquery.com http://jquery.com/discuss/
