How to deny direct access to an xml file in the server


Problem description

I have an html file index.html (in my server say abc.com) which accesses xyz.js like

<script type="text/javascript" src="xyz.js"></script>

The JavaScript file in turn accesses the data.xml file. The files index.html, xyz.js and data.xml are in the same folder.

How can I deny direct access to xyz.js and data.xml if a user types abc.com/xyz.js and abc.com/data.xml in the browser? Needless to say, index.html must be able to access these files.

How can I do this (preferably with .htaccess)?

Recommended answer

I'm assuming you mean index.html refers to the .js file via a script tag, and then the js reads in the xml using XMLHttpRequest or something similar, i.e. the js and xml both need to be readable by the browser, but you want to restrict this to only be in an "approved" way.

If that's right, then you can't. You could try looking at the Referer, but it's unreliable and easily spoofable. Even without spoofing, many browsers have debugging tools that make it easy to see the result of every GET that has been performed.

It's better to just get used to the fact that anything you send to the browser is potentially viewable by the user if they work hard enough at it.

I suppose for JavaScript you could use an obfuscator tool if you feel so inclined. For XML, there isn't much you can do. I suppose you could encrypt it, but that would be easy to break as your js code will necessarily contain the decryption routine and key.
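The Referer check mentioned in the answer, modelled in JavaScript as an added example (not code from the original post). The mod_rewrite rule in the comment, the names `refererGate` and `looksSameToServer`, and the sample requests are constructed for illustration; the model shows that the server cannot tell the approved page load from any client that sets the header itself, and that a visitor whose Referer is omitted gets blocked.

```javascript
// Equivalent .htaccess rule (mod_rewrite), constructed for this example:
//   RewriteEngine On
//   RewriteCond %{HTTP_REFERER} !^https?://abc\.com/ [NC]
//   RewriteRule ^(xyz\.js|data\.xml)$ - [F]

const PROTECTED = /^\/(xyz\.js|data\.xml)$/;
const OWN_SITE = /^https?:\/\/abc\.com\//i;

// Status code the rule above would return for one request.
function refererGate(req) {
  if (!PROTECTED.test(req.path)) return 200;   // index.html is not covered
  const referer = req.headers.referer || "";   // the header is optional
  return OWN_SITE.test(referer) ? 200 : 403;
}

// Constructed sample requests, named by who sent them.
const SAMPLES = {
  pageLoad:   { path: "/data.xml", headers: { referer: "http://abc.com/index.html" } },
  typedUrl:   { path: "/data.xml", headers: {} },
  // Legitimate visitor whose browser or proxy omits the Referer header.
  noReferer:  { path: "/xyz.js", headers: {} },
  // Any HTTP client that sets the header itself, with no page involved.
  ownReferer: { path: "/data.xml", headers: { referer: "http://abc.com/index.html" } },
};

// True when the server receives the same path and headers for both requests.
function looksSameToServer(a, b) {
  return JSON.stringify(a) === JSON.stringify(b);
}

// One "sender: status" line per sample request.
function report() {
  return Object.entries(SAMPLES).map(([who, req]) => `${who}: ${refererGate(req)}`);
}

console.log(report().join("\n"));
```

The rule stops casual address-bar requests only; data that must stay private should not be sent to the browser at all.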
