Hi,
I have a front page from which an ajax page is called, and a text field is written in the front page using this ajax page.
I need to validate the user access for this page:
1. The ajax page should be executed only when it is called via ajax (i.e. when the ajax page URL is typed in the address bar it should not show its contents).
2. Or the parent page (i.e. the front page) URL should be taken without the knowledge of the users in the ajax page (i.e. without passing the URL into the ajax page via JS), so that I can validate valid users to access the ajax page.
Any ideas?
Regards,
vijay
Actually it isn't that difficult. You just do an ajax request using POST. There you send the URL of your main page. Then in your PHP page, you detect if your $_POST['url'] is empty. If it isn't, you execute the PHP on your page.
EDIT:
Some example code:
    function send(data, url) {
        // Declared locally so the request object does not leak into the global scope.
        var XMLHttpRequestObject = GetXmlHttpObject();
        // URL-encode both values so "&" or "=" inside them cannot break the form body.
        var sended = "data=" + encodeURIComponent(data) + "&url=" + encodeURIComponent(url);
        var request = "yourpage.php";
        XMLHttpRequestObject.open("POST", request, true);
        XMLHttpRequestObject.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        // Content-length and Connection are set by the browser itself; scripts are not allowed to set them.
        XMLHttpRequestObject.send(sended);
    }

This would be your request object, but I guess you already have that.

    function GetXmlHttpObject() {
        var XMLHttpRequestObject = false;
        // Old Internet Explorer: try the two ActiveX variants first.
        try {
            XMLHttpRequestObject = new ActiveXObject("MSXML2.XMLHTTP");
        } catch (exception1) {
            try {
                XMLHttpRequestObject = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (exception2) {
                XMLHttpRequestObject = false;
            }
        }
        // Fall back to the native object when no ActiveX object could be created.
        if (!XMLHttpRequestObject && window.XMLHttpRequest) {
            XMLHttpRequestObject = new XMLHttpRequest();
        }
        return XMLHttpRequestObject;
    }

Yes, probably I can do it like that.
But in this case, as you said, when I post data from the front page to the ajax page it can be viewed by the user when he views the page source, and the user can access it by just posting the data directly into the ajax page from his own designed HTML page.
This should not be done...
Most people won't do that, because
- they don't know anything about how websites work
- they don't want to (or don't care)
- it's too much work to do
Despite that, you can still use a session to prevent "unauthorized" access. But you can't stop people looking at your code. Another possibility would be using Java Applets (but that's a totally different story).
Other things you can do to secure it: putting your ajax request in a separate JS file, or use an SSI file. This will prevent the code from showing in the page source.
One thing you'll never be able to work around is Firebug. It will always make your Ajax requests readable. So what's the point in trying to hide it?
Posting data is very difficult (as Dormilich said); that's why most 'secure' Ajax requests use POST rather than GET.
@vjayis
It's not a huge deal where the data comes from, as long as it is validated/sanitised.
Thanks for your reply, guys.
Vjayis,
If your ajax page contains sensitive data that should only be displayed to people who are authorized (have permissions) to view this content you should consider implementing a system for user authentication/authorization (as Dormilich suggested in post 3).
This should be implemented in your server code because, as you have discovered, it's hard to do using a client side approach.
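
The server-side check recommended in the replies above could look like the following for the ajax page. This is an added example, not code posted by anyone in the thread; the file name, the `user_id` and `ajax_token` session keys, the `token` field and the 200-character limit are assumptions chosen for illustration.

```php
<?php
// ajaxpage.php (added example; file, field and session key names are hypothetical).
// Assumes the login script, after checking credentials, has run:
//   session_regenerate_id(true);
//   $_SESSION['user_id']    = $userId;
//   $_SESSION['ajax_token'] = bin2hex(random_bytes(32));
// and that the front page hands that token to its script to send back as "token".
declare(strict_types=1);

session_start();

// Send a JSON error with the given HTTP status and stop.
function deny(int $status, string $reason): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $reason]);
    exit;
}

// 1. Who is asking? Decided from server-side session state only, never from
//    a posted "url" field, the Referer or an X-Requested-With header.
if (empty($_SESSION['user_id'])) {
    deny(401, 'not logged in');
}

// 2. The front page uses POST; a URL typed into the address bar arrives as GET.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    deny(405, 'POST only');
}

// 3. Per-session token, compared in constant time, so a form on another
//    site cannot ride on the logged-in user's cookie.
$sent     = $_POST['token'] ?? '';
$expected = $_SESSION['ajax_token'] ?? '';
if (!is_string($sent) || !is_string($expected) || $expected === ''
    || !hash_equals($expected, $sent)) {
    deny(403, 'bad token');
}

// 4. Validate the posted value before using it (200 is an arbitrary example limit).
$data = $_POST['data'] ?? '';
if (!is_string($data) || strlen($data) > 200) {
    deny(400, 'invalid data');
}

header('Content-Type: application/json');
echo json_encode(['field' => $data]);
```

A logged-in user can still send this request by hand with their own cookie and token; the checks decide who may call the page, not which tool made the call.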