开发者

$.getJSON and PHP file

Is it possible to hide name of *.php file in

$(document).ready(function(){
开发者_StackOverflow$.getJSON("getdata.php", function(returned_data) { 
    if(returned_data === "1") {
        $("div#wall").html('user has no subscription');
        $("#message_wall").attr("disabled", "disabled");
        return false;
    }
});

});

Because that jquery code will be visible in source code of the page and I do not want to some malicious visitors try to do something with it.


The short answer is no, you must secure this server-side. Anything a client can run, they can see...and anyone trying to be malicious can certainly figure out.

Even if you hid it under 15 layers of obfuscation, ultimately the browser still makes a request to a url, and any debugging tool can see that, FireBug, Fiddler, etc.

A session based approach, or cookies, something, anything to check that the user is authenticated/authorized on the server-end is the best approach.


What you should do is secure your the url request at getdata.php so that nobody else expect authorised users can perform action on it. like you can add if clause in your getdata.php


save ur URL at server side and then rename it ie gd="getdata.php".... after that pass it client side so that your code gets hidden and none except too expert can get yout URL... I think It should work

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜