hankry

Reputation: 37

Securing GET call

I have a file, caller.php, which takes a GET URI that specifies a value to search the database for. The data is then returned in JSON format using PHP.

I want to protect caller.php so that it is only accessible from another page, get.php, using an AJAX call.

What is the best way to go about this?

Upvotes: 1

Views: 180

Answers (2)

Jay Sidri

Reputation: 6406

You could check the session to see if the call is authorized or not. AJAX requests will send you the PHP session cookie. This assumes that caller.php is secured by some kind of user login system that uses sessions.

Upvotes: 3

Pekka

Reputation: 449515

> I want to protect caller.php so that it is only accessible from another page, get.php, using an AJAX call.

You can't. An AJAX call can be easily faked, as can its origin.

There is no reliable way for you on server side to tell whether a call is an Ajax one or not, nor where it came from.

You need to secure your Ajax resource the same way you would secure a normal page - e.g. through an authorization system like a user login, etcetera.

Without such an authorization system in place, you have to assume that everyone can access the URL.

Upvotes: 9
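A sketch of the session-based check both answers describe, as an added example that is not part of either answer. It assumes a login page elsewhere sets `$_SESSION['user_id']`; that key, the `q` parameter, the `items` table and the in-memory SQLite database standing in for the real one are all hypothetical.

```php
<?php
// caller.php -- added example, not code from the original page.
// Assumption: a separate login page stores the authenticated user's id
// in $_SESSION['user_id'] (hypothetical key name).
declare(strict_types=1);

session_start();
header('Content-Type: application/json; charset=utf-8');

// Authorization is decided from server-side session state only.
// X-Requested-With, Referer and Origin are supplied by the client and
// can be set to anything, so they are deliberately not consulted.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['error' => 'authentication required']);
    exit;
}

// Validate the search value taken from the GET query string.
$term = $_GET['q'] ?? '';
if (!is_string($term) || $term === '' || strlen($term) > 100) {
    http_response_code(400);
    echo json_encode(['error' => 'invalid search term']);
    exit;
}

// Constructed stand-in for the real database: in-memory SQLite with
// sample rows, so the file runs without external services.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (name) VALUES ('alpha'), ('beta')");

// A prepared statement keeps the GET value out of the SQL text.
$stmt = $pdo->prepare('SELECT id, name FROM items WHERE name = :term');
$stmt->execute([':term' => $term]);

echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
```

The AJAX call from get.php needs no extra code for this to work, because the browser attaches the session cookie to same-origin requests; a request without a logged-in session gets the 401 response regardless of how it was made.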
