Help on Javascript Protection

[iosoft]

Hello,

I need a help to protect my Javascript execution.

I have written a Javascript which is actually generated by a PHP script.

http://mysite.com/services/service1.js.php

In the remote site, webmasters/site-owners can get the service by simply adding this code -

Say in http://othersite.com/page.html -

<div id="service1">

<script src="http://mysite.com/services/service1.js.php?param1=val1&param2=val2&param3=val3" type="text/javascript"></script>

</div>

Now, the system is working flawlessly :cool2:

Now, I want that only pre-defined remote servers can get the service and not all.



How to do this authentication ?

 

[Checksum]

I'm not sure about this, but give it a shot. Since your using a php script, try using the $_SESSION['HTTP_REFERER'] variable to check the referrer url. Then you can perform a simple if else loop to process it.

 

[iosoft]

^ actually currently it is working with it. But $_SESSION['HTTP_REFERER'] is NOT secure enough

 

[Checksum]

Then use a simple authentication mechanism. Assign keys to the required websites, and include them as POST fields. On the server, you can check a database and compare the keys.