Solved

Limit database access to a specific firefox extension

Posted on 2006-07-10
6
351 Views
Last Modified: 2008-01-09
How can I limit the data in my website only to a specific firefox extension that I want to create?

For example:
I checked the source code of the forecastfox extension, and forecastfox access data from accuweather.com by accessing the following url:
http://forecastfox.accuweather.com/adcbin/forecastfox/locate_city.asp?location=

When I tried to access that url, I got the following:

<adc_database>
<citylist us="0" intl="0" extra_cities="0">
      </citylist>
<copyright>Copyright 2006 AccuWeather.com</copyright>
&#8722;
      <use>
This document is intended only for use by authorized licensees of AccuWeather.com. Unauthorized use is prohibited. All Rights Reserved.
</use>
<product>Forecastfox</product>
<redistribution>Redistribution Prohibited.</redistribution>
</adc_database>

My question, if I want to create a firefox extension to fetch data from my website, how do I limit the data access only to my extension? I want to make sure other website can't fetch or crawl the data from my website.

Thanks.
0
Comment
Question by:screwdriver
  • 2
6 Comments
 
LVL 1

Expert Comment

by:minzliu
ID: 17074175
Im guessing the site is verifying each user using http headers, ie the "User-Agent" header. you can write a script to match the "User-agent" and if they dont match, simply display a error msg.

so if u made a firefox extension, simply change the user-agent to something u want it to be, and put conditions on your site to match it. in php u can retrieve the "user-agent" using $_SERVER['HTTP_USER_AGENT'].
0
 
LVL 13

Accepted Solution

by:
PraxisWeb earned 250 total points
ID: 17074243
User-Agent = Browser... I think it is more along the lines of DNS/IP lookup for requests:

have your authorized users in some form of persistent storage, when a request comes in check the headers to find out who made the request and check it against your "approved" list.

If you want it to be only from your site you could also use the referrer - if it is not referred by your site then deny the request.
0
 
LVL 1

Assisted Solution

by:minzliu
minzliu earned 250 total points
ID: 17074457
the useragent can be changed, especially with a firefox extension. it can even be changed using javascript, but i cant quite remember how.

i know u can change IE's user agent in the registry.
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo‚Ķ
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question