<p>If you are using Apache you can set allow/deny on locations.</p>
<p><a href="http://www.apachesecurity.net/" rel="nofollow noreferrer">http://www.apachesecurity.net/</a></p>
<p>or here is a link to the apache docs on the Deny directive</p>
<p><a href="http://httpd.apache.org/docs/2.0/mod/mod_access.html#deny" rel="nofollow noreferrer">http://httpd.apache.org/docs/2.0/mod/mod_access.html#deny</a></p>
<p>EDITS (responding to the new info).</p>
<p>The Deny directive also works with environment variables. You can restrict access based on browser string (not really secure, but discourages casual browsing) which would still allow XHR calls.</p>
<p>I would suggest the best way to accomplish this is to have a token of some kind that validates the request is a 'good' request. You can do that with a cookie, a session store of some kind, or a parameter (or some combination).</p>
<p>What I would suggest for something like this is to generate a unique url for the service that expires after a short period of time. You could do something like this pretty easily with Memcache. This strategy could also be used to obfuscate the service url (which would not provide any actual security, but would raise the bar for someone wanting to make direct calls).</p>
<p>Lastly, you could also use public key crypto to do this, but that would be <em>very</em> heavy. You would need to generate a new pub/priv key pair for each request and return the pubkey to the js client (here is a link to an implementation in javascript) <a href="http://www.cs.pitt.edu/~kirk/cs1501/notes/rsademo/" rel="nofollow noreferrer">http://www.cs.pitt.edu/~kirk/cs1501/notes/rsademo/</a></p>
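The expiring unique-URL scheme the answer sketches, as an added example that is not part of the answer: the server issues a random single-use token with a TTL, hands the client a URL carrying it, and accepts a request only while the token is unexpired and unused. A plain dict stands in for Memcache, and the function names, base URL and TTL are assumptions.

```python
import secrets
import time
from urllib.parse import parse_qs, urlsplit

# Stand-in for Memcache (assumption): maps token -> absolute expiry time.
# A real deployment would use a memcache client with set/get/delete and a TTL.

def issue_token(store, ttl_seconds=60, now=None):
    """Create an unguessable, short-lived, single-use token and record its expiry."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of randomness
    store[token] = now + ttl_seconds
    return token

def service_url(token, base="https://example.invalid/api/data"):
    """Build the unique URL that is handed to the JS client for its XHR call."""
    return f"{base}?t={token}"

def token_from_url(url):
    """Server side: pull the token out of the request URL's query string."""
    values = parse_qs(urlsplit(url).query).get("t", [])
    return values[0] if values else None

def validate_and_consume(store, token, now=None):
    """Accept a request only if its token exists, is unexpired and has not been used.

    The token is removed on first lookup, so a replayed URL is rejected even
    inside the TTL window; an expired entry is also dropped at this point.
    """
    now = time.time() if now is None else now
    if token is None:
        return False
    expiry = store.pop(token, None)
    if expiry is None:
        return False
    return now < expiry
```

As the answer notes, this raises the bar against casual direct calls but does not authenticate the caller; a token should be bound to a session or cookie if that is required.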