|
|
Posted by geek7 on 01/03/07 15:56
Thank you much for the replies. Question though, I would like to use
authentication since I already am using that for the site. I use a
php/mysql with session_start (not sure what that's called) as
authentication. However, I can't seem to figure out how to add this to
the php scripts I am calling since they are being called from a
javascript function (i suppose this would fall under the realm of
AJAX). Should the session variable still be available from these
addTicket.php, getTickets.php..ect? Thanks again!
Rik wrote:
> geek7 wrote:
> > Hello all! I have written a helpdesk ticket webapp which uses many
> > javascript calls to different php scripts to update a mysql database.
> > My question is, a) is there a way to prevent access from users trying
> > to access the php scripts via a URL..ex..
> >
> > http://www.???.org/scripts/getTickets.php?tid=3234&user=jdoe
> >
> > and if so, b) what is the best way to do this?
>
> 1. Use HTTPS, HTTP is not secure.
> 2. Authenticate, either by authenticationheaders sent to the server or by
> some cookie/session.
> --
> Rik Wasmus
Navigation:
[Reply to this message]
|