Anyone know a good way to protect xml data?

For instance, I want to use xml data on the backend for loading up a google map. Is there a way to make it so that users cannot access that xml data, but rather only the server itself can make a request to the xml location?

Or, for something like an iphone app, is there an easy way to protect xml content so that only your iphone application can get access to it? I guess you could encrypt/hash that data, but I am looking more for some way of just blocking access, if its possible. Maybe through the .htaccess file.

Thanks for any examples!!

8/20/2009 11:52:35 AM

is this static data? it's fairly common to provide authentication/authorization for web services. it's a little overkill to provide a web service for something that doesn't change, but if it is dynamic, web service is the traditional solution

as for htaccess, that is a very simple way, but i'm not sure how good various web access libraries are going to be at allowing those credentials to be included in web requests. i would imagine it should be common, but i haven't ever used it or even seen it done in that way. it's probably as easy as setting a http header option

[Edited on August 20, 2009 at 12:02 PM. Reason : guess]

8/20/2009 11:57:50 AM

Yeah, its static data ... thus, no php processing to allow me to just throw an auth sequence in there.

I would even be satisfied to use htaccess to limit access based on the type of OS
(in this case, it would show up with a string of "CFNetwork" in the HTTP_USER_AGENT server parameter, when being accessed from an iPhone).

But, there are other situations where I would like only my local server to be able to request the xml file, not individual users out on the net.

8/20/2009 12:30:40 PM

well you can submit remote Kml to google (like putting http://lksajdf.com/blah.kml into the search bar) and it will show map. this way you could remotely secure the kml (might work with xml) with a different scheme than the rest

8/20/2009 3:21:54 PM

Yeah, not really looking to depend on google to show the data ... maps data was just one example.

I have a bunch of different projects that I would like to open up, but still have the xml data under wraps.

8/21/2009 12:08:07 AM

You need authentication on both ends of the web service. Not too hard to do actually. On an iPhone app you can just embed an encrypted private key with the app itself, and then all you have to worry about is the server auth end of it.

8/21/2009 12:24:48 AM