$ .getJSON和PHP文件 [英] $.getJSON and PHP file
问题描述
是否可以在
$(document).ready(function(){
$.getJSON("getdata.php", function(returned_data) {
if(returned_data === "1") {
$("div#wall").html('user has no subscription');
$("#message_wall").attr("disabled", "disabled");
return false;
}
});
});
因为jquery代码将在页面的源代码中可见,并且我不想让一些恶意访问者尝试对此做些事情.
Because that jquery code will be visible in source code of the page and I do not want to some malicious visitors try to do something with it.
推荐答案
简短的回答是否,您必须保护此服务器端.客户端可以运行的任何内容,他们都可以看到...,并且任何尝试为恶意软件的人都可以确定.
The short answer is no, you must secure this server-side. Anything a client can run, they can see...and anyone trying to be malicious can certainly figure out.
即使您将其隐藏在15层混淆之下,最终浏览器仍然会向网址发出请求,并且任何调试工具都可以看到FireBug,Fiddler等.
Even if you hid it under 15 layers of obfuscation, ultimately the browser still makes a request to a url, and any debugging tool can see that, FireBug, Fiddler, etc.
基于会话的方法或cookie(任何东西)任何东西来检查用户是否在服务器端已通过身份验证/授权是最好的方法.
A session based approach, or cookies, something, anything to check that the user is authenticated/authorized on the server-end is the best approach.
这篇关于$ .getJSON和PHP文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!