Reputation: 11
I have a page where it shows users' posts and refreshes automatically using the jQuery setInterval function.
    $(document).ready(function(){
        setInterval(function() {
            $('#content').load('test.php');
        }, 5000);
    });
But the problem is I am going to have to create a duplicate page called test.php containing the same content which will be called every 5 seconds. I don't want people just viewing the source and finding the page with all the data on.
For example this site has a recent forum topics page which updates every couple of seconds, http://awesomescreenshot.com/0d4o0n2e0
I look in the page source and find the link to the page and this is what I find http://awesomescreenshot.com/0a2o0n691
I don't want people to be able to find that...
Is there a better way round this jQuery function? E.g. calling a php function to just run the query which will be in the test.php file?
Upvotes: 0
Views: 941
Reputation: 187054
Thinking about security by thinking where the data is going isn't quite right. Instead think about who has access to it. If you don't serve that data from the PHP to someone who shouldn't see it in the first place, then it doesn't really matter how they view it.
So your test.php needs to have security around it that hooks into your authentication. In pseudocode:
    if (current user is authorized)
        send data
    else
        403 Access Forbidden
Security through obscurity will only hurt you in the long run. Even if you could obscure the location of that data, it leaves open the possibility that someone may find it eventually. So do the security on the backend, out of reach of hackers, instead.
Upvotes: 3
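One way to write the check from the answer above in test.php itself, as an added example that is not part of the original answer. The session keys `user_id` and `can_view_posts` and the sample rows are assumptions standing in for the site's real login code and query.

```php
<?php
// test.php: added example, not the poster's code.
// Assumption: the login page stores 'user_id' and 'can_view_posts' in $_SESSION.
declare(strict_types=1);

/** Map the session contents to the HTTP status for this fragment request. */
function fragment_status(array $session): int
{
    if (!isset($session['user_id'])) {
        return 401;                 // not logged in at all
    }
    if (empty($session['can_view_posts'])) {
        return 403;                 // logged in, but not allowed to see the posts
    }
    return 200;
}

/** Render posts as an HTML fragment, escaping every user-supplied field. */
function render_posts(array $posts): string
{
    $html = '';
    foreach ($posts as $post) {
        $html .= '<div class="post"><b>'
            . htmlspecialchars($post['author'], ENT_QUOTES, 'UTF-8') . '</b>: '
            . htmlspecialchars($post['body'], ENT_QUOTES, 'UTF-8') . "</div>\n";
    }
    return $html;
}

session_start();
$status = fragment_status($_SESSION);
http_response_code($status);
header('Cache-Control: no-store');  // keep the fragment out of shared caches

if ($status !== 200) {
    exit;                           // 401/403: send no data at all
}

// Constructed sample rows; the real page would run its query here.
$posts = [
    ['author' => 'alice', 'body' => 'First post'],
    ['author' => 'bob',   'body' => 'Tom & Jerry <3'],
];
echo render_posts($posts);
```

jQuery's `.load()` only inserts the response when the request succeeds, so a 401 or 403 leaves `#content` unchanged, and anyone who requests test.php directly without a valid session gets the same empty response.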