Thank you both. I have a hard time understanding all of this but I'll keep on it. I'm not worried about parts of my database being accessed a bit at a time (that's what my site is for); I worry that someone accesses the whole database at once. I suppose they could if they altered the code to select * from markers. That's what I need to stop.

On Sep 27, 1:05 am, Mike Williams <[EMAIL PROTECTED]> wrote:
> Wasn't it Lan Mind who wrote:
>
> >The database connection information is in a separate file other than
> >the PHP file used to access the database. Is this good enough? Could
> >somebody access and see it? I type it in the URL but it shows nothing
> >in the browser.
>
> I guess you must be using Google Chrome as your browser. All other
> browsers display the XML. Google Chrome displays a blank screen, but
> "View Page Source" displays the XML source.
>
> Not only can people view bits of your data by typing things like
> http://www.dockhawk.com/currentphp.php?name=chicago
> into their browser, but it's almost certainly possible for people to
> write PHP scripts that send such requests directly to that URL, so they
> could serve your data to their Javascript client.
>
> It's probably impossible to protect your data against a skilled attacker
> while providing a service that's publicly available. You could make
> things difficult for them by encrypting your data, so that they'd have
> to look at your Javascript code to see how to decrypt it, and by adding
> a check in your server code to try to identify whether the request is
> coming from your page.
>
> --
> http://econym.org.uk/gmap
> The Blackpool Community Church Javascript Team
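
For the worry above about a request turning the lookup into `select * from markers`: the following is an added example, not code from this thread, of a server-side lookup that binds the `name` parameter in a prepared statement and caps the rows returned. The column names `lat` and `lng`, the 25-row cap, the 64-character limit and the SQLite demo rows are assumptions.

```php
<?php
// Added example: column names, limits and the sample rows are assumptions.
const MAX_ROWS = 25;     // assumed upper bound on rows returned per request
const MAX_NAME_LEN = 64; // assumed upper bound on the length of a name

function findMarkers(PDO $db, string $name): array
{
    $name = trim($name);
    // Refuse empty or oversized input instead of running a broad query.
    if ($name === '' || strlen($name) > MAX_NAME_LEN) {
        return [];
    }
    // The SQL text is fixed. The request value is bound as data only, so it
    // cannot rewrite the statement into "select * from markers".
    $stmt = $db->prepare(
        'SELECT name, lat, lng FROM markers WHERE name = :name LIMIT ' . MAX_ROWS
    );
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
// On the real page the value would come from $_GET['name'] instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE markers (name TEXT, lat REAL, lng REAL)');
$insert = $db->prepare('INSERT INTO markers VALUES (?, ?, ?)');
foreach ([['chicago', 41.88, -87.63], ['detroit', 42.33, -83.05]] as $row) {
    $insert->execute($row);
}

// An ordinary lookup by name.
var_dump(findMarkers($db, 'chicago'));
// Input carrying SQL syntax is compared as a literal name, not executed.
var_dump(findMarkers($db, "chicago' OR 'a'='a"));
```

The cap and the bound parameter limit what a single request can return; they do not stop a client from sending many separate requests, which is the case the quoted reply describes.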
