How to secure php and mySql access to prevent f?

Question

I am developing an iPhone application which logs data in a mySql database. Currently I am using ASIHTTPRequest to POST the data. A php-script then writes the data in a mySql database.

That already working I was wondering how secure it is? The problem I see here is that the php-script is a public file on the server, otherwise I would not be able to access it via the iphone. How can I prevent people from just using this script to add data that was not send by my application? Is it also possible to download the script from my server and retrieve the access information to the database?

I am new to this and hope you can help me.

Thanks in advance

Answer 1

Is it also possible to download the script from my server and retrieve the access information to the database?

No, as PHP is parsed server-side and only the parsing result is delivered to the client. Therefore your real code cannot be seen by anyone else that does not have access to your server through FTP/SSH.

That already working I was wondering how secure it is?

Simply protect the folder your script resides in with a username/password (.htaccess) and connect to it through HTTPS (for encryption) and not just HTTP. That should give you a good level of security to prevent users just calling this script directly without using your App.

P.S.: I answered to motivate you to improve your Accept Rate, As already mentioned in the comment above, please improve it, otherwise no one will help you here.