PHPDeveloper.org: Zend Developer Zone: Preventing Unwanted Access to Your API

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Dave Marshall's Blog: Competition: PHP Job Hunters Handbook up for grabs

Job Posting: LIVESTRONG.com/Demand Media Inc. Seeks Senior PHP Software Developer (Santa Monica, CA)

Job Posting: Children's Hospital Boston Seeks Open Source Web Developer (Boston, MA)

Job Posting: eReleases Seeks Zend/PHP Developer (Baltimore, MD)

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

News Archive

Evert Pot's Blog: Devshed article about SQL Injection

Site News: Blast from the Past - One Year Ago in PHP

Community News: phpGG Frontend Special

devReview.com: The Big List of PHP Frameworks

Kana Yeh's Blog: Review Ivo Jansch's Guide to Enterprise PHP development

Jani Hartikainen's Blog: Another idea for using models with forms

DevShed: PHP Programs to Prevent MySQL Injection or HTML Form Abuse

Misko Hevery's Blog: Guide: Writing Testable Code

Daniel Cousineau's Blog: Zend Framework Module Init Script (Controller Plugin)

Adobe Developer Connection: Integrated PHP and Flex Development with Zend Studio and Flex Builder

Zend Developer Zone:
Preventing Unwanted Access to Your API

by Chris Cornutt January 26, 2007 @ 09:51:00

On the Zend Developer Zone, there's a helpful hint for users out there running a web service to help keep things safe:

Ok, so you've written a cool new Web API and you've written l33t JavaScript to call it from your page. The problem is, anybody who views your source can see how you call your new toy and use it for their own nefarious purposes. Granted, sometimes this is what you want but there are times when you want to keep your toys to yourself. For those times, here is a quick trick you can implement that will help thwart most evil doers.

The quick trick involves the placement of a secret variable into the session after the user has been validated. The sample code to make it work is provided and and example Ajax call illustrates how it's used. Then all the API has to do is check for that value in the data passed along.

0 comments voice your opinion now!
prevent unwanted access web service api session prevent unwanted access web service api session

Similar Posts

Job Posting: Red Ventures Seeks Mid/Sr Web Developer (Charlotte, NC)

php|architect: Using PHP5's SOAP Support

DevShed: Storing PHP Sessions in a Database

Stefan Esser's Blog: What site do you want to break today?

PHP Appalachia: Rooms Sold Out, Registration Still Open

Community Events

Don't see your event here?
Let us know!

All content copyright, 2009 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework