CODEWITHSUNDEEP
phphtmlsecurityencryptionhash
user188962
user188962

Reputation:

Secure a PHP file; how?

I have a classifieds website, and a partner of us (who runs another classifieds website) need to have access to a file on our server.

The file is called 'partner.php'.

This file simply prints out some information about the classifieds on our site.

So for our partners, they would just need to access "www.domain.com/partner.php?id=1234" to have access to that information.

I am planning to add a hash to the Url, so that outsiders don't have access to the file. But I don't know how to do this...

Is there anybody who could point me in the right direction?

I have been told on phone that I can use a "32 length MD5 string and add it to the URL", but I have really no clue how to start, or what they meant by this?

Anybody know what they mean?

Examples is appreciated.

Thanks

Upvotes: 3

Views: 206

Answers (4)

Xerri
Xerri

Reputation: 5046

Is it possible to use a different approach?

Maybe you can use a .htaccess to only allow access to the file from certain IP addresses.

Check out this page on .htaccess. There is a section called Restricting by IP Address

Upvotes: 1

Alex Rashkov
Alex Rashkov

Reputation: 10015

Or you can use both the Hash key and IP verification. If your partner is using just one computer/server to access your file you can check the hash key and the users IP address.

$ip = $_SERVER['REMOTE_ADDR'];

Upvotes: 1

selfawaresoup
selfawaresoup

Reputation: 15832

You could use HTTP Authentication, for example via .htaccess

Adding a hash to the URL means that you pass a GET-Parameter to the script and check it when the script starts. If the value is not the expected one, the script can simply die(); or throw some kind of error.

But I'd really NOT recommend the hash-thing, it's a bad idea.

Upvotes: 0

Pekka
Pekka

Reputation: 449395

I am planning to add a hash to the Url, so that outsiders don't have access to the file. But I don't know how to do this...

don't do it this way. A hash is fine for one-time links like E-Mail confirmation, but not for sensitive info. The hash will be present in the user's history, cache and in Proxy protocols; it can be shared accidentally.

You need to look into building proper, login-based authentication.

Some starting points:

Upvotes: 2

Related Questions