How to Hide database values from direct indexing

How to Hide database values from direct indexing

bjshortybjshorty Posts: 20Questions: 6Answers: 0

I noticed that by writing the direct root to my php server script file, I can get my whole database table on the screen. Ex: www.homepage.com/folder/phpServerScriptFile.php will display:

{"data":[{"DT_RowId":"row_123","id":"123","first_name":"Bryan","last_name":"Jimenez ","email":"bjim@mail.com" (...) }],"options":[],"files":[]}

How can I prevent anyone from displaying my whole table like this?

This question has accepted answers - jump to:

Answers

  • allanallan Posts: 63,516Questions: 1Answers: 10,472 Site admin
    Answer ✓

    Add a check to the code something like:

    if ( ! isset($_POST['draw']) || ! isset($_POST['action']) ) {
      exit;
    }
    

    That will check for a DataTables server-side processing data fetch request, or an Editor submit action. If neither, exit.

    Allan

  • bjshortybjshorty Posts: 20Questions: 6Answers: 0
    edited August 2016

    Thank you! Now i'm getting an error. Apparently its not verifying if it's a DataTables server-side request. When I remove the code te request is accepted, but when I add the code it gives in a error. The server response doesn't show anything either.

  • allanallan Posts: 63,516Questions: 1Answers: 10,472 Site admin

    Can you link me to the page showing the issue so I can help debug it please.

    Allan

  • bjshortybjshorty Posts: 20Questions: 6Answers: 0

    I sent it via email

  • allanallan Posts: 63,516Questions: 1Answers: 10,472 Site admin
    Answer ✓

    Oh I see - I had assumed you were using server-side processing. In which case remove the code I suggested. The answer is different!

    How can I prevent anyone from displaying my whole table like this?

    You can't. If you want it to be accessible from the web, it needs to be accessible from the web! You could have the Ajax request DataTables makes include a "key" and require that key in the request, but that would be trivial to workaround.

    Allan

  • bjshortybjshorty Posts: 20Questions: 6Answers: 0

    Ok, thanks Allan!

This discussion has been closed.