alwoodman Posted October 26, 2009 Share Posted October 26, 2009 Hi Im building a platform which uses the $_SERVER['server_name'] as the unique identifier to access the database record. It allows for www.a.com, www.b.com or www.c.com to access the same database and file system but depending on what the url is...displays different information. Im wondering what the security risks are in doing this? Should i be doing a reverse lookup on specified nameservers to check its a valid domain name? thanks Lee Quote Link to comment Share on other sites More sharing options...
gizmola Posted October 26, 2009 Share Posted October 26, 2009 That information comes from the webserver and operating system. I see no issues there, although you didn't provide much information about the nature of the application or why you are using the web server name as a database key. Quote Link to comment Share on other sites More sharing options...
milesap Posted October 26, 2009 Share Posted October 26, 2009 There is no security risk in doing this, as this is processed server-side. Your scripts would grab the domain name and serve the page accordingly. Remember that all the domains are inherently valid because the DNS records would need to point to your server to load the page in the first place. Quote Link to comment Share on other sites More sharing options...
JAY6390 Posted October 26, 2009 Share Posted October 26, 2009 If this is a script running from a server other than your server you need to do mysql injection prevention on it (say for example you are using this to check license keys from a remote script etc) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.