Hide ajax server-side php script in sourcecode - Security Issue

Paladium

Hi there,

is there a way to hide the ajax-source php-file from which i gather the data? Right now everyone who looks into the sourcecode can see my datasource-file and can access the data. This is a big security issue!

Please help.
Markus

GregP

Being able to see a resource in source is the defacto standard of the web. If security is an issue, you need to be using server sessions. Then when a browser requests the resource, you first check to see if it has a valid session. If not, you simply don't return the resource.

Anything else would be a hack.

fbas

short of encoding the data and having it decode in javascript, no.

and anyone running your page will have access to the decoding key and/or algorithm, in which case it's not really secure either.