0

I have a page that shows users' posts and refreshes automatically using the jQuery setInterval function.

$(document).ready(function () {
    setInterval(function () {
        $('#content').load('test.php');
    }, 5000);
});

But the problem is I am going to have to create a duplicate page called test.php containing the same content which will be called every 5 seconds. I don't want people just viewing the source and finding the page with all the data on.

For example this site has a recent forum topics page which updates every couple of seconds, http://awesomescreenshot.com/0d4o0n2e0

I look in the page source and find the link to the page and this is what I find http://awesomescreenshot.com/0a2o0n691

I don't want people to be able to find that...

Is there a better way round this jQuery function? E.g. calling a PHP function to just run the query which will be in the test.php file?

  • (11) Just of note, setInterval() is not a jQuery function but native to JavaScript. Commented Nov 9, 2011 at 20:17
  • (5) No matter what, people will be able to 'find the page with the data on it.' You can't hide anything on the web. Commented Nov 9, 2011 at 20:17
  • @Frank, I suppose this question does not have anything to do with SQL or database so I've removed the SQL tag. Commented Nov 9, 2011 at 20:19
  • (3) Per @BNL - you're retrieving that resource with a script already. The data is available in the browser. It shouldn't matter if they can see that URL or not; the PHP resource itself should implement any security measures you deem fit (sessions, for example). Commented Nov 9, 2011 at 20:25
  • (1) @Frank, you can't hide it. Download this and take a look for yourself: fiddler2.com/fiddler2 Or, just use the debugging tools available in your browser. Commented Nov 9, 2011 at 20:40

1 Answer

3

Thinking about security by thinking where the data is going isn't quite right. Instead think about who has access to it. If you don't serve that data from the PHP to someone who shouldn't see it in the first place, then it doesn't really matter how they view it.

So your test.php needs to have security around it that hooks into your authentication. In pseudocode:

if (current user is authorized)
  send data
else
  403 Access Forbidden

Security through obscurity will only hurt you in the long run. Even if you could obscure the location of that data, it leaves open the possibility that someone may find it eventually. So do the security on the backend, out of reach of hackers, instead.
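
One way to put the check from the pseudocode above into test.php, as an added example that is not part of the original answer. It assumes the login code stores the user's id in $_SESSION['user_id']; posts_response() and the sample posts are hypothetical stand-ins for the real query.

```php
<?php
// test.php: added example, not code from the original post.
// Assumption: the login page stores the user's id in $_SESSION['user_id'].
declare(strict_types=1);

/**
 * Decide what the endpoint returns for a given session.
 * Returns [HTTP status, body] so the decision can be checked without a web server.
 */
function posts_response(array $session, array $posts): array
{
    // No authenticated user in the session: refuse, and send no data at all.
    if (empty($session['user_id'])) {
        return [403, 'Access Forbidden'];
    }

    $html = '';
    foreach ($posts as $post) {
        // Escape user-supplied text so a post cannot inject markup into #content.
        $html .= sprintf(
            "<div class=\"post\"><b>%s</b>: %s</div>\n",
            htmlspecialchars($post['author'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($post['body'], ENT_QUOTES, 'UTF-8')
        );
    }
    return [200, $html];
}

// Constructed sample data standing in for the database query.
$posts = [
    ['author' => 'alice', 'body' => 'First post'],
    ['author' => 'bob',   'body' => 'Markup like <b>this</b> is shown as text'],
];

session_start();
[$status, $body] = posts_response($_SESSION, $posts);
http_response_code($status);
header('Content-Type: text/html; charset=utf-8');
header('Cache-Control: no-store'); // keep per-user data out of shared caches
echo $body;
```

The URL of test.php stays visible in the page source and in the browser's network tools; what changes is that a request without a logged-in session gets a 403 and no data.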
