Tushar

Reputation: 167

Calling a PHP page in a secure way

I am creating a payment app for Android and using PHP and MySQL in the back end.

I have a PHP page where I'm doing all API calls when the Android app sends a request for it.

But my concern is that if anyone discovers that link, then she/he will be able to access that page, and the page will perform that task for her/him.

Any kind of help would be greatly appreciated.

Upvotes: 1

Views: 127

Answers (1)

Gediminas Masaitis

Reputation: 3212

Long story short - you can't be sure where a request comes from.

Your app can set a User-Agent HTTP header (see 14.43), and you can check against it on your back-end server. However, this can easily be spoofed, and I'd recommend against doing that for pretty much any kind of back-end service.

I'd also strongly recommend against coding your own payment method under any circumstance, unless you are absolutely sure what you're doing. And I can tell you're not, because you're asking this question. Only use APIs from trusted financial services.

Upvotes: 3
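
The User-Agent point from the answer above, as an added example that is not part of the original answer: a gate on that header passes any client that sends the same string, whereas a server-issued per-user token (an assumption here, not something the answer proposes) ties each request to a logged-in user rather than to the app. The constant, function names and sample requests are constructed for illustration.

```php
<?php
// Added example; names and values are constructed, not from the original post.

const APP_USER_AGENT = 'PayApp/1.0 (Android)'; // hypothetical User-Agent of the app

// Weak gate: trusts a header the client chooses. Any HTTP client can send this string.
function allowedByUserAgent(array $headers): bool
{
    return ($headers['User-Agent'] ?? '') === APP_USER_AGENT;
}

// Assumed design: at login the server issues a random token to the user,
// keeps only its SHA-256 hash, and requires the token on every API call.
function issueToken(array &$tokenStore, int $userId): string
{
    $token = bin2hex(random_bytes(32));              // 64 hex characters
    $tokenStore[hash('sha256', $token)] = $userId;   // plaintext token is not stored
    return $token;                                   // returned to the app once, over HTTPS
}

// Returns the user id bound to the presented token, or null if there is none.
function authenticatedUser(array $tokenStore, array $headers): ?int
{
    $auth = $headers['Authorization'] ?? '';
    if (!preg_match('/^Bearer ([0-9a-f]{64})$/', $auth, $m)) {
        return null;                                 // missing or malformed credential
    }
    return $tokenStore[hash('sha256', $m[1])] ?? null;
}

// Constructed requests: the real app after login, and another client
// that copies the app's User-Agent but holds no token.
$store = [];
$token = issueToken($store, 42);

$requests = [
    'app'          => ['User-Agent' => APP_USER_AGENT, 'Authorization' => "Bearer $token"],
    'other client' => ['User-Agent' => APP_USER_AGENT],
];

foreach ($requests as $label => $headers) {
    printf(
        "%-12s user-agent gate: %-5s token gate: %s\n",
        $label,
        allowedByUserAgent($headers) ? 'allow' : 'deny',
        authenticatedUser($store, $headers) !== null ? 'allow' : 'deny'
    );
}
```

The token identifies the user, not the Android app, so every action the endpoint performs still has to be authorized server-side for that user.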
