开发者

jQuery Ajax security for auto suggest script

I am working on some auto-suggest feature.

The script is fairly itself. When a character is typed in to the textbox it sends a ajax post (or get) request to the php file which queries the database and returns开发者_JS百科 a result set.

But the problem is that the php file is accessible on its own. So it can be called directly. Is there a way to prevent this and make that php file to serve only the ajax request on my application.

Thanks in advance.


No, there isn't. If your script can be requested, it can be requested by anything. It is possible to differentiate ajax requests from normal ones by testing for the x-requested-with header and responding accordingly, that is, if it does not contain the value XMLHTTPRequest you simply exit() the script. However, headers can always be spoofed. So no, you can't.


No. Anyone can look at your .php and stuff..
The best you can do is protect yourself from SQL injection, and thats about it.
There is no foolproof way to do what you want to do.

**By the way, if someone is actually actively polling your .php nonstop in his/her application, you could probably contact that person's host to terminate his/her account. Just saying. **

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜