$ .getJSON和PHP文件 [英] $.getJSON and PHP file

问题描述

是否可以在

$(document).ready(function(){
$.getJSON("getdata.php", function(returned_data) { 
    if(returned_data === "1") {
        $("div#wall").html('user has no subscription');
        $("#message_wall").attr("disabled", "disabled");
        return false;
    }
});

});

因为jquery代码将在页面的源代码中可见，并且我不想让一些恶意访问者尝试对此做些事情.

Because that jquery code will be visible in source code of the page and I do not want to some malicious visitors try to do something with it.

推荐答案

简短的回答是否，您必须保护此服务器端.客户端可以运行的任何内容，他们都可以看到...，并且任何尝试为恶意软件的人都可以确定.

The short answer is no, you must secure this server-side. Anything a client can run, they can see...and anyone trying to be malicious can certainly figure out.

即使您将其隐藏在15层混淆之下，最终浏览器仍然会向网址发出请求，并且任何调试工具都可以看到FireBug，Fiddler等.

Even if you hid it under 15 layers of obfuscation, ultimately the browser still makes a request to a url, and any debugging tool can see that, FireBug, Fiddler, etc.

基于会话的方法或cookie(任何东西)任何东西来检查用户是否在服务器端已通过身份验证/授权是最好的方法.

A session based approach, or cookies, something, anything to check that the user is authenticated/authorized on the server-end is the best approach.

这篇关于$ .getJSON和PHP文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！