$ .getJSON and the PHP file

Question

$ .getJSON and the PHP file

Is it possible to hide the * .php file name in

$(document).ready(function(){ $.getJSON("getdata.php", function(returned_data) { if(returned_data === "1") { $("div#wall").html('user has no subscription'); $("#message_wall").attr("disabled", "disabled"); return false; } });

});

Since this jQuery code will be displayed in the source code of the page, and I do not want some attackers to try to do something about it.

+4

jquery php

Sergio Feb 20 '10 at 15:14

source share

3 answers

What you need to do is protect your url request to getdata.php so that no one expects authorized users to be able to execute it. how can you add if the sentence is in your getdata.php

0

Yalamber Feb 20 '10 at 16:28

source share

save url url on server side and then rename it i.e. G.D. = "getdata.php" .... after that, skip its client side so that your code is hidden and no one except the expert can get yout url ... I think it should work

0

Dhaval dave May 18, '10 at 5:38

source share

Nick craver · Accepted Answer · 2010-02-20T15:17:04+0000

The short answer is no , you have to protect this server side. Everything that the client can run, they can see ... and anyone who tries to be evil can definitely find out.

Even if you hid it under 15 levels of obfuscation, ultimately the browser still makes a request to the URL, and any debugging tool can see that FireBug, Fiddler, etc.

A session-based approach, or cookies, anything, anything to authenticate / authorize a user on a server, is the best approach.

$ .getJSON and the PHP file

More articles: