Richard Lynch wrote:
On Fri, May 11, 2007 9:59 pm, heavyccasey@xxxxxxxxx wrote:Set ajaxObject.setRequestHeader("User-Agent","SecretName"); in Javascript and check for it in PHP. Not fool-proof, but the average person wouldn't be able to get in.Unless the user "View Source" and read your AJAX code... This is not going to stop any serious attempt, but as one more defense-in-depth mechanism, it wouldn't hurt.
Unless the user is using a browser or going through a proxy that strips or replaces the User-Agent header.
-Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
