Is it possible to hide name of *.php file in
$(document).ready(function(){
开发者_StackOverflow$.getJSON("getdata.php", function(returned_data) {
if(returned_data === "1") {
$("div#wall").html('user has no subscription');
$("#message_wall").attr("disabled", "disabled");
return false;
}
});
});
Because that jquery code will be visible in source code of the page and I do not want to some malicious visitors try to do something with it.
The short answer is no, you must secure this server-side. Anything a client can run, they can see...and anyone trying to be malicious can certainly figure out.
Even if you hid it under 15 layers of obfuscation, ultimately the browser still makes a request to a url, and any debugging tool can see that, FireBug, Fiddler, etc.
A session based approach, or cookies, something, anything to check that the user is authenticated/authorized on the server-end is the best approach.
What you should do is secure your the url request at getdata.php so that nobody else expect authorised users can perform action on it. like you can add if clause in your getdata.php
save ur URL at server side and then rename it ie gd="getdata.php".... after that pass it client side so that your code gets hidden and none except too expert can get yout URL... I think It should work
精彩评论