[thelist] iframe: can it be protected?

kasimir-k kasimir.k.lists at gmail.com
Wed Oct 31 11:53:06 CDT 2007

Mike scribeva in 31/10/2007 15:27:
> o   Website runs on server A, including password protected area
> o   In this password protected area, there is a page with an iframe
> o   External website from server B is loaded into this iframe
> Can this external content be included in the same password protection
> that runs on server A? Normally users can open the iframe itself with a
> right mouse click, or load links into new browser tabs etc., and the
> source of the iframe window is clearly visible in the source code, so
> it would be completely open to the public.

You could read external site using curl <http://php.net/curl>, but if 
that site has internal links, you'd have to rewrite them to use your 

You must also proxy any image, script and style files, otherwise savvy 
users see what host they are coming from.

> there are some reasons to use an iframe though.

Even if you go the curl-way, there's nothing stopping you from putting 
the results in an iframe.


More information about the thelist mailing list