Ajax Talk - Asynchronous javascript and xml discussion board
 FAQ   Search    Usergroups      Register   Profile   Check your messages   Log in 
Signup now to enjoy a range of free membership advantages !!
Ajax Talk - Moderators Wanted
Ajax security

 
Post new topic   Reply to topic    Ajaxtalk.com Forum Index -> AJAX general discussion
View previous topic :: View next topic  
Author Message
evan_carothers
Light Frequent Poster
Light Frequent Poster


Joined: 11 Oct 2007
Posts: 9
Location: River Falls, WI

PostPosted: Thu Oct 11, 2007 10:18 pm    Post subject: Ajax security Reply with quote

Ok, I've been coding in php for quite a while, and have been doing ajax (with and without frameworks) for a couple years. I've been reading and looking into security topics a lot lately, and one question I have is about the blatant display of the location of the ajax-called scripts. Everybody makes a big deal about never wanting to reveal where your scripts reside, but with ajax you have to specify where the script is in javascript, leaving that available for anybody on the page to view if they wanted to. I know that you can use .htaccess to prevent scripts from being viewed if a specific set of characters are detected (aka <? or <?PHP) so if somebody does go to the page they can't see anything. Still, having somebody know where the script resides doesn't sit well with me. Is there any way at all to hide this information from the user, such as storing the location in a different file to be read at the time of processing, or a similar solution? I may just be over-worrying myself, but I've looked all over and can't seem to find anything on the subject...

Thx in advance for your advice!
Back to top
View user's profile Send private message Send e-mail
Jesdisciple
Frequent Poster
Frequent Poster


Joined: 20 Oct 2007
Posts: 36
Location: Tejas

PostPosted: Sun Oct 21, 2007 7:48 pm    Post subject: Reply with quote

That's just the nature of HTML: The browser has to get that info and no browsers have hidden it from the users yet, probably because less users would use such a browser. The only HTML solution I can think of is to have a PHP file, linked to by JavaScript, be the dispatch for all other files, but you already said you don't even want them to know the address of the PHP.

But if you were willing to surrender the HTML and go with a desktop language like C++ or Java, you could essentially make your own browser to hide that information; the appeal of your product would have to drive your users to use it despite being barred from seeing your source code. (Or, if you were to sell this closed browser to businesses, their products would need to have such appeal.)
_________________
In ALL things, strive for ><>,
Chris
Back to top
View user's profile Send private message Visit poster's website AIM Address MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Ajaxtalk.com Forum Index -> AJAX general discussion All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
 Advertisements
 XML & Copyright Notice 
    


Powered by phpBB © 2001, 2005 phpBB Group

What is according to Wikipedia: Ajax Web2.0 XML E4X


Link to our site:

  


del.icio.us digg spurl wists simpy newsvine blinklist furl blogmarks yahoo! myweb smarking ma.gnolia segnalo reddit fark technorati cosmos


Normal Bookmark


Partner Button Links:
Codecrunch.com: Webmaster Tutorials    One Ajax


Partner Text Links:
quomon | web20log | ajaxmatters | tableless | 456bereastreet | music charts | gift ideas | competitions | free xbox 360 | link trade ?


Credits:
it consultancy & project management lead generation zoekmachine optimalisatie steal these buttons seo expert