I'm making a script that lets my users open the page, vote for our site, and then get a password to some restricted content on the site. However, I plan on storing the password in a file outside public_html so it cannot be read directly from the source code.
Is there any way to do an AJAX call to a file above public_html? I don't want to AJAX to a file inside public_html that will read the file, it'll just defeat the purpose.
asked Oct 1, 2010 at 2:34 by esqew

You're rewarding a vote for your site with access to restricted content? ...you're bribing your users? ...where's your site? =D – David Thomas, commented Oct 1, 2010 at 2:43
5 Answers
Not directly, no. And, frankly, thank goodness for that (since JS is executed client-side, and the client should never have access to the web-server above public_html).
You can, however, use Ajax to call a php script inside the web root that has access to documents outside of the web-root. This way you're still keeping the password out of public reach, but still allowing your users to make use of it.
The down-side is that the password might make it to the client-side in the Ajax call (depending on what your Ajax call does). Basically, if JS can get access to the password then so can any interested user.
No, you cannot do that.
The web server does not allow you to do that.
Also, it is highly insecure to expose access to non public_html files on the server.
No, you can't have an AJAX call to a file that's not served by the web server (I'm assuming the file above public_html doesn't have an apache ALIAS or virtual directory setup).
To accomplish what you're trying to do, create a script (php?) on your site that AJAX calls and this script will either:
- Read the password file wherever it is on the system (assuming the file has the correct file permissions)
- Embed the password within the script itself since the source code of the script can't be retrieved.
No. An AJAX request is simply a request like any other that loads a resource from your server. The only difference is that it exposes the result to JavaScript on an already loaded page instead of loading a new page. So if an AJAX request can get this secure file, then anyone can.
You could set up a proxy script in some web application programming language to fetch the file from disk and send it along for you. But then it wouldn't be much different from putting the file right in the public directory.
You may need to rethink your approach here.
Why don't you do an AJAX call to some view function on the server that can access the file you need and then return whatever data to the AJAX request?
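
The approach the answers converge on, as an added example that is not part of any answer above: a PHP endpoint inside public_html that checks the vote server-side before reading the password file outside the web root. The file name `reveal.php`, the `$_SESSION['voted']` flag and the `private/content_password.txt` path are assumptions made for illustration.

```php
<?php
// public_html/reveal.php (added example; the file name, session key and
// secret path are assumptions, not taken from the question).
declare(strict_types=1);

// Fixed path outside the web root. It is never built from request input,
// so the client cannot steer the script to a different file.
const SECRET_FILE = __DIR__ . '/../private/content_password.txt';

/**
 * Decide what the AJAX caller gets. Returns [HTTP status, JSON-able body].
 * $session['voted'] is assumed to be set by the server-side vote handler
 * once the vote is confirmed; the browser cannot write to it directly.
 */
function reveal_password(array $session, string $secretFile): array
{
    if (($session['voted'] ?? false) !== true) {
        return [403, ['error' => 'vote required']];
    }
    if (!is_file($secretFile) || !is_readable($secretFile)) {
        // Keep the detail in the server log; do not leak the path to the client.
        error_log('reveal.php: secret file missing or unreadable');
        return [500, ['error' => 'unavailable']];
    }
    $password = trim((string) file_get_contents($secretFile));
    return [200, ['password' => $password]];
}

// Serve the request only when running under a web server.
if (PHP_SAPI !== 'cli') {
    session_start();
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        header('Allow: POST');
        exit;
    }
    [$status, $body] = reveal_password($_SESSION, SECRET_FILE);
    http_response_code($status);
    header('Content-Type: application/json');
    header('Cache-Control: no-store'); // keep the secret out of shared caches
    echo json_encode($body);
}
```

Without the session check the endpoint is equivalent to placing the file in public_html, since any client could request it. With the check, the password still reaches every browser that has voted, so it is only as private as those users keep it.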