blakestar Posted November 18, 2009

Would it be possible to ONLY parse a PHP File/Script if called by the local server? I know it's possible to use HTTP_REFERRER but this can be too easily hacked.

A page I have on our site uses some Flash to include some data. If you view the source code of this page you can see the file name it calls (ex: domain.com?fileex=CallThisFileForData.php).

Is it possible in the PHP code of CallThisFileForData.php to ensure that the server is the one requesting the file and not just someone typing CallThisFileForData.php into their browser?

Hope that all made sense?
MadTechie Posted November 18, 2009

if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
    echo "I am Self!";
}

But isn't Flash client-side?
blakestar Posted November 18, 2009

Yes, Flash is client loaded but you can pass the SWF Object certain parameters via a GET post (myflash.swf?LoadData=CallThisFileForData.php).

I want to make sure that only the server can get the returned data from that file. If someone types that .php file into their browser or tries using some other function, program, etc. to get the returned data, it will not parse!
MadTechie Posted November 18, 2009

> Yes, Flash is client loaded but you can pass the SWF Object certain parameters via a GET post (myflash.swf?LoadData=CallThisFileForData.php).

Exactly.. The post will be client based NOT server, thus it's NOT on the same server!

> I want to make sure that only the server can get the returned data from that file. If someone types that .php file into their browser or tries using some other function, program, etc. to get the returned data, it will not parse!

Why not have the Flash file open the PHP script directly instead of having it as a parameter? You could also create a handshake and an authentication method. However, as everything client side can be controlled by the client, this is not secure either, but without knowing what you're trying to do it will be almost impossible to resolve.
blakestar Posted November 23, 2009

Here is a general example of what I am trying to secure. On the web page a user can click/rollover a link which loads a .php file in a <div> using AJAX, in this case the file line_chart.php:

>>>>>>
<a href="javascript:" onMouseOver="loadfile('graphs','line_chart.php');"><img src="images/graph_line.gif" border="0"></a>
<div id="graph" name="graph"></div>
>>>>>>

This method works great at "Somewhat" securing the output of the file line_chart.php because it is loaded in the div and a 'View Source' command doesn't reveal the true output of line_chart.php.

What I am attempting to avoid is a user then simply opening a browser window and opening the file directly (http://www.domain.com/line_chart.php)! The line_chart.php should only be parsed if called via that AJAX command! Is this possible to do?
MadTechie Posted November 26, 2009

There isn't going to be a foolproof way, as your call will always come from the client's PC. I covered this and other options in my last post.
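
The handshake idea raised in the thread, as an added example that is not code from any poster: the embedding page stores a one-time token in the session and line_chart.php refuses requests that do not present it. The function names, the `chart_token` session key and the `X-Chart-Token` header are assumptions, and the arrays in the demo are constructed stand-ins for $_SESSION and $_SERVER.

```php
<?php
// Added example; function names, session key and header name are assumptions.

// Called by the page that embeds the chart: mint a one-time token for this session.
function issue_chart_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));
    $session['chart_token'] = $token;
    return $token; // the page passes this to its AJAX call, sent as X-Chart-Token
}

// Called at the top of line_chart.php before any output is produced.
function chart_request_allowed(array &$session, array $server): bool
{
    $expected = $session['chart_token'] ?? '';
    $supplied = $server['HTTP_X_CHART_TOKEN'] ?? '';
    unset($session['chart_token']); // single use: a replayed token is rejected
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied); // constant-time comparison
}

// The REMOTE_ADDR == SERVER_ADDR test from the thread: the AJAX call is made
// by the visitor's browser, so REMOTE_ADDR is the visitor's address, not the server's.
function is_server_calling_itself(array $server): bool
{
    return ($server['REMOTE_ADDR'] ?? null) === ($server['SERVER_ADDR'] ?? '');
}

if (PHP_SAPI === 'cli') {
    // Constructed sample data (documentation-range addresses).
    $session = [];
    $token   = issue_chart_token($session);
    $ajax    = ['REMOTE_ADDR' => '203.0.113.7', 'SERVER_ADDR' => '192.0.2.10',
                'HTTP_X_CHART_TOKEN' => $token];
    $direct  = ['REMOTE_ADDR' => '203.0.113.7', 'SERVER_ADDR' => '192.0.2.10'];

    var_dump(is_server_calling_itself($ajax));           // browser request compared to server address
    var_dump(chart_request_allowed($session, $ajax));    // AJAX request carrying the fresh token
    var_dump(chart_request_allowed($session, $ajax));    // same token presented a second time
    var_dump(chart_request_allowed($session, $direct));  // URL typed into the browser, no token
}
```

In a real page, call session_start() and pass $_SESSION and $_SERVER to these functions. This only ties the request to a session that loaded the embedding page; as noted in the thread, a visitor who loaded that page still controls the client and can read both the token and the response.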