Protecting ajax-controllers globally - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: Protecting ajax-controllers globally (/showthread.php?tid=55455) |
Protecting ajax-controllers globally - El Forum - 10-27-2012 [eluser]Unknown[/eluser] Under AJAX-controller I mean a function of controller that handles only AJAX-requests. Is there any methods against protecting ajax-controllers from spam of non my domain requests, DoS, etc? I mean we can check HTTP_X_REQUESTED_WITH, HTTP_REFERER, session cookie (since AJAX-calls can be maid only from pages of my site and each page sets session cookie) and soon HTTP_ORIGIN. In my config I use best practices: Code: $config['sess_encrypt_cookie'] = TRUE; Could I write something like this? Code: <?php if ( ! defined('BASEPATH')) exit('error'); In AJAX-controller I do additional check: Code: public function my_super_duper_ajax_controller() |