Reputation: 371
Protecting SQL Server for Private Usage
So I have an issue. I have a server, lets call it (testserver.net). Right now, to change the database, from my application, my app runs "testserver.net\add.php". The problem is anyone can run that and change things in my database. How do I make it that needs some sort of verification before running the code in add.php so no one can just have access to my server? (Like a password or something).
Upvotes: 0
Views: 68
Answers (3)
Reputation: 1103
create a token : 1MBASFDFACAUYTUG^%(!@UUIASNSR*_-+LASQWFVSA4QWYUI12670 ,save this token safely with in your application.
Whenever you want to call the add.php pass the token like :
testserver.net?token=1MBASFDFACAUYTUG^%(!@UUIASNSR*_-+LASQWFVSA4QWYUI12670
add.php
$secret = $_POST['secret']; //use post or get
if($secret != $mySavedSecret){
die('intruder!!')
}
Upvotes: 1
Reputation: 682
You need to perform Authentication followed by Authorization. In PHP there are many frameworks which support this.
pls check this for basic authentication
https://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html
or you can use popular frameworks and follow their tutorials to perform this.
check this php micro framework Slim
Upvotes: 0
Reputation: 7308
Place you add.php file in separate folder and password protect it, or you may use Password protect a specific URL solution
Upvotes: 0
Related Questions
- Is this a secure way of connecting to an SQL server?
- How to connect android to mysql database securely
- How to protect a MySQL database from unauthorized access and securely connect to it from a Java application
- Android. How to protect your database?
- Security between Android app and external database
- Securing database information inside Java application
- PHP and SQL Server, how to make it secure?
- Securing PHP MySQL code
- Prevent third-party connections to SQL database (from config.php file)
- Securing php application