Data security issue
bhar
I have successfully installed DataTables 1.10 and the website is alive and running.
However, all PHP files can be directly accessed by visitors, compromising the security of the data. I have retained the directory structure of the PHP files, for instance:
"ajax": "examples/server_side/scripts/co-objects.php"
How do I prevent direct access to the PHP file?
This discussion has been closed.
Answers
bhar,
This is not directly related to DataTables per se, but as a good start please read about OAuth2 or JWT to secure your resource, or whatever you may call it.
Do you mean that you want to restrict the access of the PHP files to authorised users only? If so, you would need to apply whatever session logic you are using for your user session management. That falls outside the scope of DataTables as loloski says, but it will more likely require simply testing for a session variable.
Allan
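The session test suggested in the answer above, as an added example that is not part of the original thread or of DataTables' own code. The file name `auth_guard.php`, the function `require_login()` and the session key `user_id` are hypothetical; it assumes the site's login page sets `$_SESSION['user_id']` and that PHP 7.3 or later is in use.

```php
<?php
// auth_guard.php (hypothetical file name): include at the top of every
// server-side script that DataTables calls through its "ajax" option, e.g.
//
//     require __DIR__ . '/auth_guard.php';
//     require_login();
//     // ... build and echo the JSON for DataTables as before ...

declare(strict_types=1);

/**
 * Stop the request unless a logged-in session exists.
 * Assumption: the login page stores the user's id in
 * $_SESSION['user_id'] after a successful login.
 */
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Harden the session cookie before the session starts.
        session_set_cookie_params([
            'httponly' => true,
            'secure'   => true,   // assumes the site is served over HTTPS
            'samesite' => 'Lax',
        ]);
        session_start();
    }

    if (empty($_SESSION['user_id'])) {
        // An address-bar visit and an Ajax call get the same answer:
        // the server cannot reliably tell them apart, so only the
        // session decides whether any data is returned.
        http_response_code(401);
        header('Content-Type: application/json');
        header('Cache-Control: no-store');
        echo json_encode(['error' => 'Authentication required']);
        exit;
    }
}
```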
I need to block direct access to a PHP file in a browser.
Just like the example here -
http://datatables.net/examples/data_sources/server_side.html
$(document).ready(function() {
    $('#example').DataTable( {
        "processing": true,
        "serverSide": true,
        "ajax": "../server_side/scripts/server_processing.php"
    } );
} );
When a visitor enters the URL - http://datatables.net/server_side/scripts/server_processing.php in a browser, he gets a 404 error.
Any help on how to achieve this would be appreciated.
I had wondered if that was what you wanted, but I can't see how that would be possible. I'm not sure it even makes sense to be honest.
Consider for example, that there is no way to know if the data request for server_processing.php comes from an Ajax request, or someone simply typing it into an address bar. So how would you know to return a 404 or data?
At an even more basic level - what's the point? If the browser can load it, then even if you found a way to detect an Ajax request rather than in the address bar, all the user would need to do is right click and view the network connections in their browser.
Allan
One last question.
http://datatables.net/server_side/scripts/server_processing.php
When a user accesses the above URL directly from the browser, the URL gives a 404 error?
Whereas the URL of my website -
http://connectco.net/examples/server_side/scripts/itcompanyindex-ids-objects.php
is showing JSON data.
My requirement is that nobody should see the JSON data which is the output of the PHP file.
Kindly help me on this.
The link you give is from an old old example? Can you tell me where you got it and I'll remove the link.
The correct URL for the current example is: http://datatables.net/examples/server_side/scripts/server_processing.php . As you'll see it does show the data.
Allan
There is a link
http://datatables.net/examples/data_sources/server_side.html
Bhar
That gets its data from http://datatables.net/examples/server_side/scripts/server_processing.php . I'm not clear why you thought it came from the other URL, which as you point out is 404.
Allan