Hi, I get it now. The issue is preventing anyone from stealing data by automated script. The assumption is that users who might pass your data as a print out on paper is not really an issue or as a PDF printed from your site is not really an issue. The challenge is to keep anyone from taking the electronic source data in your DB and stealing it or copying it.
If the data is data is "very valuable", you could try having your scripts output something that would make copying the data difficult. The first thing that comes to mind it formating your output with PHP then rasterizing it into a JPEG to be displayed or output a PDF that prevents printing or copying. I've seen a magazine use Java Applets to protect their articles. Sincerely, Mike -- Mike Brandonisio * IT Planning & Support Tech One Illustration * Database Applications tel (630) 759-9283 * e-Commerce [EMAIL PROTECTED] * www.techoneillustration.com On Jun 30, 2006, at 8:06 AM, J Siegel wrote: >> I guess I'm not understanding this part of you dilemma. > > > OK, I'll explain it with more detail. > > I access mySql databases through the use of php scripts (that's sort > of why I'm on this group). Let's say that my database contains some > very valuable information collected over many years. I allow my > users to view parts of the data overlaid on a map. I want them to > only access the data through my web site (for a variety of reasons). > > Inside my Flash/AJAX/Javascript/whatever code, it isn't hard to see > that my database is accessed with something like: > > http://www.myurl.com/access_my_data.php?id=1000&count=5 > > Using POST inside a Flash swf, etc. is similar in its ease of > figuring out how to call the php script. > > So now a smart little hacker can write their own code to call my php > script and grab my entire database. Sure, I can limit the "count" > parameter above but that doesn't stop them from just calling the > script thousands of times with smaller count values. > > This has nothing to do with directly accessing the database. I know > that the mySql passwords are secure. All I'm trying to do is figure > out a way to deny access of my php scripts from others. > > Since I'm going to require that my users log onto my system, I can > use session variables to "validate" a user. But what stops a user > from logging in (creating the session variables) and then running > their own scripts to grab all of my data through my php access? > > Am I missing something so simple that no one has ever faced this > before? > > > > > > > > ------------------------ Yahoo! Groups Sponsor -------------------- > ~--> > See what's inside the new Yahoo! Groups email. > http://us.click.yahoo.com/2pRQfA/bOaOAA/yQLSAA/CefplB/TM > -------------------------------------------------------------------- > ~-> > > The php_mysql group is dedicated to learn more about the PHP/MySQL > web database possibilities through group learning. > Yahoo! Groups Links > > > > > > > > > ------------------------ Yahoo! Groups Sponsor --------------------~--> Great things are happening at Yahoo! Groups. See the new email design. http://us.click.yahoo.com/TISQkA/hOaOAA/yQLSAA/CefplB/TM --------------------------------------------------------------------~-> The php_mysql group is dedicated to learn more about the PHP/MySQL web database possibilities through group learning. Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php_mysql/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
