Wasn't it Lan Mind who wrote: >The database connection information is in a separate file other than >the PHP file used to access the database. Is this good enough? Could >somebody access and see it? I type it in the URL but it shows nothing >in the browser.
I guess you must be using Google Chrome as your browser. All other browsers display the XML. Google Chrome displays a blank screen, but "View Page Source" displays the XML source. Not only can people view bits of your data by typing things like http://www.dockhawk.com/currentphp.php?name=chicago into their browser, but it's almost certainly possible for people to write PHP scripts that send such requests directly to that URL, so they could serve your data to their Javascript client. It's probably impossible to protect your data against a skilled attacker while providing a service that's publicly available. You could make things difficult for them by encrypting your data, so that they'd have to look at your Javascript code to see how to decrypt it, and by adding a check in your server code to try to identify whether the request is coming from your page. -- http://econym.org.uk/gmap The Blackpool Community Church Javascript Team --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Maps-API?hl=en -~----------~----~----~----~------~----~------~--~---
