duanbin4847 2010-11-08 15:36

How to deny direct access to files in the AJAX directory

I have several pages that call in content via jQuery .ajax. I don't want the content visible on the page, so that's why I went with .ajax and not showing/hiding the content. I want to protect the files inside the AJAX directory from being directly accessible through the browser URL. I know that PHP headers can be spoofed and don't know if it is better to use an "access" key or try doing it via htaccess.

My question is what is the more reliable method? There is no logged on/non logged user status, and the main pages need to be able to pull in content from the pages in the AJAX directories.

thx

3 answers

  • drrog9853 2010-11-08 15:40

    Make a temporary time-coded session variable. Check the variable in the PHP output file before echoing the data.

    OR, if you don't want to use sessions, do this:

    $key = base64_encode(time().'abcd');

    In the read file: base64_decode, explode by abcd, read the time. Allow a 5-second buffer. If the time falls within 5 seconds of the stamped request, you are legit.

    To make it more secure, you can change your encrypting / decrypting mechanism.

    The asker selected this answer as the best answer.
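
An added example, not part of the original answer: the time-stamped key described above, with an HMAC over the timestamp in place of the fixed 'abcd' suffix, because base64 is an encoding and a key in that form can be constructed without any server secret. `AJAX_SECRET`, `AJAX_WINDOW`, `make_ajax_key()` and `check_ajax_key()` are hypothetical names, and the secret shown is a placeholder.

```php
<?php
// Added example: HMAC-signed, time-limited key for files in the AJAX directory.
// All names below are hypothetical; the secret is a placeholder.
const AJAX_SECRET = 'replace-with-a-long-random-server-side-value';
const AJAX_WINDOW = 5; // seconds, the buffer the answer suggests

// Called by the main page when it renders; the key is embedded in the page
// and sent back with the .ajax request.
function make_ajax_key(int $now): string
{
    $mac = hash_hmac('sha256', (string) $now, AJAX_SECRET);
    return base64_encode($now . '.' . $mac);
}

// Called at the top of each file in the AJAX directory, for example:
//   if (!check_ajax_key($_GET['key'] ?? '', time())) { http_response_code(403); exit; }
function check_ajax_key(string $key, int $now): bool
{
    $raw = base64_decode($key, true);        // strict mode rejects non-base64 input
    if ($raw === false) {
        return false;
    }
    $parts = explode('.', $raw, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                        // malformed or unsigned key
    }
    [$stamp, $mac] = $parts;
    $expected = hash_hmac('sha256', $stamp, AJAX_SECRET);
    if (!hash_equals($expected, $mac)) {     // constant-time comparison
        return false;                        // timestamp was not issued by this server
    }
    $age = $now - (int) $stamp;
    return $age >= 0 && $age <= AJAX_WINDOW; // reject future-dated and expired keys
}

// Constructed sample run with fixed clock values.
$issued = 1289230560;
$key = make_ajax_key($issued);
var_dump(check_ajax_key($key, $issued + 3));   // request inside the window
var_dump(check_ajax_key($key, $issued + 60));  // request after the window
var_dump(check_ajax_key(base64_encode($issued . 'abcd'), $issued)); // key without a MAC
```

The key is still delivered to the browser, so this limits casual direct requests to the AJAX files rather than authenticating the caller.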