Data security issue

Data security issue

bharbhar Posts: 18Questions: 6Answers: 0

I have successfully installed Datatables 1.10 and website is alive and running.

However, all php files can be directly accessed by visitors compromising the security of the data. I have retained directiory structure of the php files for instance,

    "ajax": "examples/server_side/scripts/co-objects.php"

How do I prevent direct access of the php file?

Answers

  • loloskiloloski Posts: 46Questions: 5Answers: 1

    bhar,

    this is not directly related to datatables per se, but as a good start please read oauth2 or JWT to secure your resource or whatever you may call it

  • allanallan Posts: 63,498Questions: 1Answers: 10,471 Site admin

    Do you mean that you want to restrict the access of the PHP files to authorised users only? If so, you would need to apply whatever session logic you are using for your user session management. That falls outside the scope of DataTables as loloski says, but it will more likely require simply testing for a session variable.

    Allan

  • bharbhar Posts: 18Questions: 6Answers: 0
    edited March 2016

    I need to block direct access to a php file in a browser

    Just like the example here -

    http://datatables.net/examples/data_sources/server_side.html

    $(document).ready(function() {
    $('#example').DataTable( {
    "processing": true,
    "serverSide": true,
    "ajax": "../server_side/scripts/server_processing.php"
    } );

    When a visitor enters the Url - http://datatables.net/server_side/scripts/server_processing.php in a browser, he gets a 404 error.

    Any help on how to achieve this would be appreciated.

  • allanallan Posts: 63,498Questions: 1Answers: 10,471 Site admin

    I had wondered if that was what you wanted, but I can't see how that would be possible. I'm not sure it even makes sense to be honest.

    Consider for example, that there is no way to know if the data request for server_processing.php comes from an Ajax request, or someone simply typing it into an address bar. So how would you know to return a 404 or data?

    At an even more basic level - what's the point? If the browser can load it, then even if you found a way to detect an Ajax request rather than in the address bar, all the user would need to do is right click and view the network connections in their browser.

    Allan

  • bharbhar Posts: 18Questions: 6Answers: 0
    edited March 2016

    One last question.

    http://datatables.net/server_side/scripts/server_processing.php

    When user access the above url directly from the browser, the url is giving a 404 error?

    Where as the url of my website -
    http://connectco.net/examples/server_side/scripts/itcompanyindex-ids-objects.php

    is showing json data.

    My requirement is that nobody should see the json data which is output of php file.

    Kindly help me on this.

  • allanallan Posts: 63,498Questions: 1Answers: 10,471 Site admin

    The link you give is from an old old example? Can you tell me where you got it and I'll remove the link.

    The correct URL for the current example is: http://datatables.net/examples/server_side/scripts/server_processing.php . As you'll see it does show the data.

    Allan

  • bharbhar Posts: 18Questions: 6Answers: 0
  • allanallan Posts: 63,498Questions: 1Answers: 10,471 Site admin

    That gets its data from http://datatables.net/examples/server_side/scripts/server_processing.php . I'm not clear why you thought it come from the other URL, which as you point out is 404.

    Allan

This discussion has been closed.