I have a web application that has been coded in Yii.
One such module in the application has a classified page that has been coded using CListView. I have made some modifications to the jquery.yiilistview.js by which I am able to POST data to a particular action which inturn returns the next set of data items to be filled in the pagination view.
Now my question is, Is there any way I can secure my Action API so that it returns the data only if the request parameters have been posted by my site.
[ie: I dont want there to be a an "easy" way to get the data contained in my classifieds by using some sort of a cron or a CURL script or by any other mechanism]
You can use Yii's CSRF-Prevention Feature although it is commonly used if you have a form to submit
Why not just check the IP address of the requester using $_SERVER['REMOTE_ADDR']? Only let the function run for your IP address. That way unless they spoof their IP you are safe.