troubleshooting Question

What is the best practice for securing an XML file but still allowing access to JavaScript?

Asked by zerg_rush
Topics: Scripting Languages, Web Applications, AJAX
I would like to use the Timeline widget from the SIMILE project at MIT.

No problems here; it took me only 15 minutes to download and set up. My question regards securing the data that is passed to the DHTML/AJAX widget.

I use PHP 5 to authenticate users and check authorization against a MySQL database. If the user has the appropriate authorization, an XHTML 1.0 Strict webpage is dynamically created with the Timeline and other information.

It looks like the easiest way to pass the information to the widget is by simply telling the widget's JavaScript where it can find one or more XML files. I would prefer to use this method, and as far as I can tell it's the only way at the moment. This is not a problem, as I can either generate the XML file before the page is created or update an existing file to include the most current information. Regardless of when or how the XML file is generated, JavaScript needs to be able to access it, but I don't want just anyone to be able to access it, only those users that have been authenticated and authorized by the database. The users' authorizations are stored in a PHP session.

I have thought about creating the XML file as needed, then letting JavaScript get the data and generate the Timeline. After the Timeline has been generated, I would immediately delete the file, as the Timeline works independently once generated. I'm left with a couple of questions on how to do that last part:

 What program, process or script will delete the file?
 What will prompt this program, process or script to run?
 Where should the file be stored between the time it is created and deleted?

I think I may be taking the wrong approach. I feel that there is a simpler solution and that I just have a gap in my knowledge of Red Hat, Apache, JavaScript, XML or something.

Please let me know how you would approach the problem of securing the XML file against unauthorized users yet still allowing JavaScript access. If you think my approach is the best or only solution, please answer my three questions.

I was able to easily set up the religious Timeline example they have here. So I don't have any code for you other than what is on the SIMILE website.

Dedicated Server Specifications
Apache 2
I am the administrator and I have root access.
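
One way to avoid the create-then-delete file cycle described in the question, shown as an added example that is not part of the original post: serve the XML from a PHP script that checks the same session before emitting anything, and give the widget that script's URL in place of a static file (the browser sends the session cookie with the widget's same-origin request). The script name, the session keys, the sample rows and the `data`/`event` element layout are assumptions made for illustration.

```php
<?php
// timeline-data.php (hypothetical name): emits the Timeline XML only to an
// authorized session, so no XML file ever sits in the web root.
session_start();

// Assumption: the login code stores these keys; the names are illustrative.
function is_authorized($session)
{
    return isset($session['user_id'])
        && isset($session['can_view_timeline'])
        && $session['can_view_timeline'] === true;
}

// Build the document with DOM so titles and descriptions are escaped.
function build_timeline_xml($events)
{
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $data = $doc->appendChild($doc->createElement('data'));
    foreach ($events as $e) {
        $node = $doc->createElement('event');
        $node->setAttribute('start', $e['start']);
        $node->setAttribute('title', $e['title']);
        $node->appendChild($doc->createTextNode($e['description']));
        $data->appendChild($node);
    }
    return $doc->saveXML();
}

// Refuse before any data is produced; PHP 5 compatible status line.
if (!is_authorized($_SESSION)) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

// Constructed sample rows; in practice these come from the MySQL query,
// filtered by the user id held in the session.
$events = array(
    array(
        'start'       => 'Jan 05 2009 00:00:00 GMT',
        'title'       => 'Sample <one>',
        'description' => 'Constructed & escaped',
    ),
);

header('Content-Type: text/xml; charset=UTF-8');
header('Cache-Control: no-store, private'); // keep the response out of caches
echo build_timeline_xml($events);
```

Because the XML exists only in the response body, the three questions about what deletes the file, when, and where it is stored do not arise.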