As you describe, i will block every other site to use my script. But as i say before, i want to allow some sites to use it. (some... not none and not all)
Another suggest? JQuery - SimDigital escreveu: > Ok, that works fine if i want to protect my own site from use of my > ajaxscript in another sites... > As you describe, i will block every other site to use my script. > > But as i say before, i want to allow some sites to use it. (some... not > none and not all) > > Another suggest? > > > Sam Collett escreveu: > >> On 12/03/07, Mikael Noone <[EMAIL PROTECTED]> wrote: >> >> >>> I dont think that using javascript for security will solve the problem, try >>> using php instead. >>> Since javascript is run from the client, it can be manipulated easily. >>> >>> Kindest Regards, Mikael. >>> >>> >> It is using PHP (or ASP.NET, CF etc). The key is generated on the >> server and sent to the client for use within the request. They key >> will change frequently (as it could be generated by a combination of >> website address, ip, session id, time etc) - i.e. different for each >> session. >> >> If the user copied the JavaScript and put it on their own domain, it >> would no longer work (as the key will then be invalid). >> >> i.e. >> >> <?php >> if ($_SESSION['ajaxKey'] == $_POST['ajaxKey']) doStuff(); >> else denyAccess(); >> ?> >> >> >> >>> On 3/12/07, Sam Collett <[EMAIL PROTECTED]> wrote: >>> >>> >>>> On 11/03/07, JQuery - SimDigital <[EMAIL PROTECTED]> wrote: >>>> >>>> >>>>> I need to protect the data generated from my site, just allowing to >>>>> access authorized sites. >>>>> >>>>> Ex.: >>>>> Authorized Site1 > Allowed to access/include the file >>>>> http://www.mysite.com/business.php. >>>>> Authorized Site2 > Allowed to access/include the file >>>>> http://www.mysite.com/business.php. >>>>> Unregistered Site > Unallowed to access the file. It will return a blank >>>>> page. >>>>> >>>>> It need to be like google maps API, that don´t allow unregistered sites >>>>> to use the API if it isnt registered. >>>>> >>>>> I don´t know how to solve this. What path i need to follow? >>>>> >>>>> >>>> This may be a good place to start: >>>> >>>> http://devzone.zend.com/node/view/id/1616 >>>> >>>> It involves generating an Ajax key on your server, stored in a session >>>> variable and sent to the client (. e.g. >>>> >>>> myAjaxKey.php >>>> >>>> <?php >>>> $_SESSION['ajaxKey'] = md5(mktime()); >>>> ?> >>>> var ajaxKey = '<?php echo $_SESSION['ajaxKey']; ?>'; >>>> >>>> >>>> Web page: >>>> >>>> <script type="text/javascript" src="myAjaxKey.php"></script> >>>> <script type="text/javascript"> >>>> $.ajax({ >>>> type: "POST", >>>> url: "some.php", >>>> data: "name=John&location=Boston&ajaxKey=" + ajaxKey, >>>> success: function(msg){ >>>> alert( "Data Saved: " + msg ); >>>> } >>>> }); >>>> </script> >>>> >>>> _______________________________________________ >>>> jQuery mailing list >>>> discuss@jquery.com >>>> http://jquery.com/discuss/ >>>> >>>> >>>> >>> _______________________________________________ >>> jQuery mailing list >>> discuss@jquery.com >>> http://jquery.com/discuss/ >>> >>> >>> >>> >> _______________________________________________ >> jQuery mailing list >> discuss@jquery.com >> http://jquery.com/discuss/ >> >> >> >> >> >> > > > _______________________________________________ > jQuery mailing list > discuss@jquery.com > http://jquery.com/discuss/ > > > > > _______________________________________________ jQuery mailing list discuss@jquery.com http://jquery.com/discuss/
