php ajax url parameter -
is there concern if expose our php page in ajax, url param? i've seen website able hide .php or .aspx page. below production code. way improvise if poorly written it?
$("#login-submit").click(function(e){ e.preventdefault(); var vusername = $("#username").val(); var vpassword = $("#password").val(); $.ajax({ url: "postlogin.php", type: "post", data: {'action':'login-submit','username':vusername,'password':vpassword}, datatype: "json", success: function(data) { if(data.status == 'success'){ window.location.replace("index.php"); }else if(data.status == 'false'){ $('#errmsg').fadein('slow'); $("#errmsg").html(data.errmsg); }else{ $("#errmsg").html(data.status); } }, error: function(){ //window.location="profile.php"; //go error page if jquery got problem } }); });
hiding file extension seo principal. can use '.htaccess' or other site redirection tools redirecting request logical url physical path.
but if want add more security webapi must use authentication policy prevent resource access anonymous users.
Comments
Post a Comment