Reputation: 4164
PHP/Javascript security
I have 1 JavaScript file that will post messages on Facebook. I can call this file using
{'message': 'This is a message'}
as POST parameters and it will publish it on Facebook.
It's location is /request/facebook.php. Now I thought about this. Anyone can call this file and post messages on my Facebook account! How can I protect this file, so it can only be called from a few servers? I know their IP addresses. And how can I call it then from my own server (without the loss of security)?
Upvotes: 2
Views: 296
Answers (2)
Reputation: 712
IP restriction is a good start, but IP's change every once in awhile.
I would consider using a username/password or some sort. It doesn't need to be overly complex, as long as the transmission of the key/password is encrypted.
Upvotes: 2
Reputation: 39480
You need to implement some sort of security on your site, to prevent just anyone from invoking your server script. IP restriction is certainly viable.
Upvotes: 0
Related Questions
- AJAX with PHP on Web - Security
- securing php code from ajax / javascript misuse
- PHP - Only allow access via AJAX
- javascript and php security
- Secure ajax script (javascript requested PHP script)
- Security of ajax serving php file
- Ajax with PHP Security Concern
- PHP and AJAX Security
- AJAX Security Help
- PHP script protection