The script uses an XML file to display some info and it works fine. The problem is that when someone views the source they will be able to access the XML file and the info will be revealed. Is there any way to prevent users from directly accessing the XML file without password protecting it? So what I basically want is that when the user goes to site.com/data.xml nothing will be displayed, but the script will still be able to access it without any problems. Thanks,
Can you use the "HTTP_REFERER" environment variable on your server ? If yes, you need a simple mod_rewrite rule on your server to run a server program when somebody request your XML. That program will check the HTTP_REFERER value and returns the XML only when is requested by your script. Caution: This method won't work 100% because some browsers are configured to send "referer" info to blank.