How do I allow script access to my php file but not through browser url

I'm trying to access my PHP file with JavaScript, but it isn't working. I've protected my file with this block of code to prevent direct user access from a browser, but it prevents script access as well:


$URL = $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
$slice = explode('/', $URL);
if ($slice[2] == "customer_info.php") {
	die("sry, no acces rights");
}

The file contains sensitive JSON data so it can be viewable on a browser.

Thank you,

So I assume you need to use the JSON data in JavaScript but prohibit users from accessing it directly in customer_info.php?

You can detect the HTTP referer in customer_info.php by $_SERVER['HTTP_REFERER']. If it's from your own site, then it's OK to display the information. If there's no referer or a different referer other than your own site, deny access. But this can be forged. You don't have confidentiality of anything you send to the client.

How sensitive is the JSON? If it is too sensitive, you shouldn't be using it in JavaScript in the first place.

I agree with yangyang. There are small measures that you can take to ensure that it is difficult for your users to access the data (such as checking the referer) but ultimately these can all be negated.
What it boils down to, is that the client side is the wrong place to handle sensitive data.
Maybe in your case an authentication system would be better, so that you only display information based on the credentials a user supplies.

Thank you,
So I should store it server side.

Essentially everything is stored server-side anyway.
I’m suggesting that you get users to sign in and limit what they can access depending on their login credentials.
That way you can specify who views what and don’t have to worry about someone guessing a URL that would display sensitive info.
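
The sign-in approach suggested in the replies above, sketched as an added example that is not code from any poster in this thread. The session key `customer_id`, the helper `load_customer_record()` and the sample record are hypothetical, and it assumes a separate login script has already stored the user's id in the session.

```php
<?php
declare(strict_types=1);
// customer_info.php (added example; names below are assumptions, not from the thread)

// Array form requires PHP 7.3+. 'secure' assumes the site is served over HTTPS.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

header('Content-Type: application/json; charset=utf-8');
header('Cache-Control: no-store'); // keep sensitive JSON out of shared caches

// Hypothetical lookup; a real one would query the database by id.
function load_customer_record(int $customerId): ?array
{
    // Constructed sample data for illustration only.
    $records = [
        17 => ['name' => 'Sample Customer', 'plan' => 'basic'],
    ];
    return $records[$customerId] ?? null;
}

// The Referer header comes from the client and can be forged, so it is not
// consulted. Access depends only on server-side session state that the
// (assumed) login script set after verifying credentials.
if (!isset($_SESSION['customer_id']) || !is_int($_SESSION['customer_id'])) {
    http_response_code(401);
    echo json_encode(['error' => 'authentication required']);
    exit;
}

// Return only the record that belongs to the signed-in user, never one
// selected by a URL parameter that someone could guess.
$record = load_customer_record($_SESSION['customer_id']);
if ($record === null) {
    http_response_code(404);
    echo json_encode(['error' => 'not found']);
    exit;
}

echo json_encode($record);
```

A same-origin `fetch()` or XMLHttpRequest from the site's own pages sends the session cookie automatically, so the script and a direct browser visit get the same result: data only for the signed-in user.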