How to Hide database values from direct indexing
How to Hide database values from direct indexing
I noticed that by writing the direct root to my php server script file, I can get my whole database table on the screen. Ex: www.homepage.com/folder/phpServerScriptFile.php will display:
{"data":[{"DT_RowId":"row_123","id":"123","first_name":"Bryan","last_name":"Jimenez ","email":"bjim@mail.com" (...) }],"options":[],"files":[]}
How can I prevent anyone from displaying my whole table like this?
This question has accepted answers - jump to:
This discussion has been closed.
Answers
Add a check to the code something like:
That will check for a DataTables server-side processing data fetch request, or an Editor submit action. If neither, exit.
Allan
Thank you! Now i'm getting an error. Apparently its not verifying if it's a DataTables server-side request. When I remove the code te request is accepted, but when I add the code it gives in a error. The server response doesn't show anything either.
Can you link me to the page showing the issue so I can help debug it please.
Allan
I sent it via email
Oh I see - I had assumed you were using server-side processing. In which case remove the code I suggested. The answer is different!
You can't. If you want it to be accessible from the web, it needs to be accessible from the web! You could have the Ajax request DataTables makes include a "key" and require that key in the request, but that would be trivial to workaround.
Allan
Ok, thanks Allan!