calling PHP with HTTPrequest security


Hello all!  I have written a helpdesk ticket webapp which uses many
javascript calls to different php scripts to update a mysql database.
My question is, a) is there a way to prevent access from users trying
to access the php scripts via a URL..ex..

http://www.???.org/scripts/getTickets.php?tid=3234&user=jdoe

and if so, b) what is the best way to do this?  I can't hide these in a
different, non-web directory because then I can't access the scripts
once the page loads.  I'm sure this is a simple yes there is or no
there isn't a way type question, but I can't figure out what to do.
Any input is greatly appreciated, and if I missed this in a previous
post I apologize, I tried searching and couldn't find any posts related
to this. Thanks!!

Only thing you can do is make sure a person is authenticated.

Another thing you can do is have a session type of variable that goes along
with the request. Sort of like a key for that current login. Therefore if
they take the link, it will work only work the next time.

Another thing is to skip GET and use POST

Eric

On 1/2/07, geek7 <dpoe@gmail.com> wrote:

On Jan 10, 5:27 pm, "Eric Pascarello" <alienf@gmail.com> wrote:

> [snip]

> Another thing is to skip GET and use POST

But, like get, post can also be faked (i.e. built up away from your web
app), albeit with more time involved.
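
The checks suggested in this thread, put together as an added example that is not part of the original posts: the script trusts only the server-side session, requires the per-login key, and takes the user from the session instead of a user= parameter. The function names, the array standing in for the MySQL table, and the sample requests are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);
// At login: store the identity and a random per-login key in the session.
// The page hands this key to its JavaScript, which sends it with each call.
function issueRequestKey(array &$session, string $user): string {
    $session['user'] = $user;
    $session['key']  = bin2hex(random_bytes(32));
    return $session['key'];
}

// Core of a script like getTickets.php. Returns [HTTP status, body].
// In a live script: $session = $_SESSION (after session_start()),
// $method = $_SERVER['REQUEST_METHOD'], $sentKey and $tid from $_POST.
// $tickets stands in for the MySQL table (assumption for this example).
function handleGetTicket(array $session, string $method, $sentKey, $tid, array $tickets): array {
    if (empty($session['user']) || empty($session['key'])) return [401, 'not logged in'];
    if ($method !== 'POST') {              // keeps ids out of URLs and logs; not a defence by itself
        return [405, 'POST only'];
    }
    if (!is_string($sentKey) || !hash_equals($session['key'], $sentKey)) {
        return [403, 'bad request key'];   // constant-time comparison
    }
    $tid = filter_var($tid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($tid === false) return [400, 'bad ticket id'];
    // The owner comes from the session, never from a user= parameter.
    if (!isset($tickets[$tid]) || $tickets[$tid]['owner'] !== $session['user']) {
        return [404, 'no such ticket'];
    }
    return [200, $tickets[$tid]['subject']];
}

// Constructed sample data and requests.
$tickets = [3234 => ['owner' => 'jdoe',   'subject' => 'Printer offline'],
            3235 => ['owner' => 'asmith', 'subject' => 'VPN access']];
$session = [];
$key = issueRequestKey($session, 'jdoe');
$requests = [
    'typed URL, no session'   => [[], 'GET', null, '3234'],
    'hand-built POST, no key' => [$session, 'POST', 'guess', '3234'],
    'other user\'s ticket'    => [$session, 'POST', $key, '3235'],
    'call from the page'      => [$session, 'POST', $key, '3234'],
];
foreach ($requests as $label => [$s, $m, $k, $t]) {
    [$status, $body] = handleGetTicket($s, $m, $k, $t, $tickets);
    printf("%-24s %d %s\n", $label, $status, $body);
}
```

A logged-in user can still build a request by hand with their own key, so the ownership check is what limits what any request can read.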