Solved

Limit database access to a specific firefox extension

Posted on 2006-07-10
6
341 Views
Last Modified: 2008-01-09
How can I limit the data in my website only to a specific firefox extension that I want to create?

For example:
I checked the source code of the forecastfox extension, and forecastfox access data from accuweather.com by accessing the following url:
http://forecastfox.accuweather.com/adcbin/forecastfox/locate_city.asp?location=

When I tried to access that url, I got the following:

<adc_database>
<citylist us="0" intl="0" extra_cities="0">
      </citylist>
<copyright>Copyright 2006 AccuWeather.com</copyright>
&#8722;
      <use>
This document is intended only for use by authorized licensees of AccuWeather.com. Unauthorized use is prohibited. All Rights Reserved.
</use>
<product>Forecastfox</product>
<redistribution>Redistribution Prohibited.</redistribution>
</adc_database>

My question, if I want to create a firefox extension to fetch data from my website, how do I limit the data access only to my extension? I want to make sure other website can't fetch or crawl the data from my website.

Thanks.
0
Comment
Question by:screwdriver
  • 2
6 Comments
 
LVL 1

Expert Comment

by:minzliu
Comment Utility
Im guessing the site is verifying each user using http headers, ie the "User-Agent" header. you can write a script to match the "User-agent" and if they dont match, simply display a error msg.

so if u made a firefox extension, simply change the user-agent to something u want it to be, and put conditions on your site to match it. in php u can retrieve the "user-agent" using $_SERVER['HTTP_USER_AGENT'].
0
 
LVL 13

Accepted Solution

by:
PraxisWeb earned 250 total points
Comment Utility
User-Agent = Browser... I think it is more along the lines of DNS/IP lookup for requests:

have your authorized users in some form of persistent storage, when a request comes in check the headers to find out who made the request and check it against your "approved" list.

If you want it to be only from your site you could also use the referrer - if it is not referred by your site then deny the request.
0
 
LVL 1

Assisted Solution

by:minzliu
minzliu earned 250 total points
Comment Utility
the useragent can be changed, especially with a firefox extension. it can even be changed using javascript, but i cant quite remember how.

i know u can change IE's user agent in the registry.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now