Would it be possible to ONLY parse a PHP File/Script if called by the local server?

 

I know it's possible to use HTTP_REFERER but this can be too easily hacked. A page I have on our site uses some Flash to include some data; if you view the source code of this page you can see the file name it calls (ex: domain.com?fileex=CallThisFileForData.php).

 

Is it possible in the PHP code of CallThisFileForData.php to ensure that the server is the one requesting the file and not just someone typing CallThisFileForData.php into their browser?

 

Hope that all made sense?

https://forums.phpfreaks.com/topic/182047-use-php-to-secure-a-local-file/

Yes, Flash is client loaded but you can pass the SWF Object certain parameters via a GET post (myflash.swf?LoadData=CallThisFileForData.php).

 

I want to make sure that only the server can get the returned data from that file. If someone types that .php file into their browser or tries using some other function, program, etc. to get the returned data, it will not parse!

Yes, Flash is client loaded but you can pass the SWF Object certain parameters via a GET post (myflash.swf?LoadData=CallThisFileForData.php).

Exactly. The post will be client-based, NOT server, thus it's NOT on the same server!

 

I want to make sure that only the server can get the returned data from that file. If someone types that .php file into their browser or tries using some other function, program, etc. to get the returned data, it will not parse!

 

Why not have the Flash file open the PHP script directly instead of having it as a parameter? You could also create a handshake and an authentication method. However, as everything client-side can be controlled by the client, this is not secure either, but without knowing what you're trying to do it will be almost impossible to resolve.

Here is a general example of what I am trying to secure. On the web page a user can click/rollover a link which loads a .php file in a <div> using AJAX, in this case the file line_chart.php:

 

>>>>>>

<a href="javascript:" onMouseOver="loadfile('graphs','line_chart.php');"><img src="images/graph_line.gif" border="0"></a>

<div id="graph" name="graph"></div>

>>>>>>

 

This method works great at "Somewhat" securing the output of the file line_chart.php because it is loaded in the div and a 'View Source' command doesn’t reveal the true output of line_chart.php.

 

What I am attempting to avoid is a user then simply opening a browser window and opening the file directly (http://www.domain.com/line_chart.php)! The line_chart.php should only be parsed if called via that AJAX command!

 

Is this possible to do?
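
The handshake suggested earlier in the thread, sketched as an added example (not code from any poster): the page that renders the link issues a short-lived, single-use token tied to the visitor's session, and line_chart.php refuses any request that lacks a valid one. The function names, the 60-second lifetime and the session keys are assumptions; as the thread notes, the browser still receives the data, so this only rejects requests made outside a page view.

```php
<?php
// Added example, not code from the thread. Function names, the 60-second
// lifetime and the 'chart_key' / 'chart_tokens' session keys are assumptions.

const TOKEN_TTL = 60; // seconds a token stays valid (assumed value)

// Called while rendering the page that contains the AJAX link.
function issue_token(array &$session, string $resource, ?int $now = null): string
{
    $now = $now ?? time();
    $session['chart_key'] = $session['chart_key'] ?? random_bytes(32);
    $nonce = bin2hex(random_bytes(16));
    $expires = $now + TOKEN_TTL;
    $session['chart_tokens'][$nonce] = $expires;            // remember for single use
    $mac = hash_hmac('sha256', "$resource|$nonce|$expires", $session['chart_key']);
    return "$nonce.$expires.$mac";
}

// Called at the top of line_chart.php before any output is produced.
function verify_token(array &$session, string $resource, string $token, ?int $now = null): bool
{
    $now = $now ?? time();
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !isset($session['chart_key'])) {
        return false;
    }
    [$nonce, $expires, $mac] = $parts;
    if (!isset($session['chart_tokens'][$nonce])) {
        return false;                                        // unknown or already used
    }
    unset($session['chart_tokens'][$nonce]);                 // one request per token
    $expected = hash_hmac('sha256', "$resource|$nonce|$expires", $session['chart_key']);
    return hash_equals($expected, $mac) && ctype_digit($expires) && (int)$expires >= $now;
}

// Constructed demonstration; on a real page $session would be $_SESSION
// after session_start(), and the token would travel in the AJAX URL.
$session = [];
$token = issue_token($session, 'line_chart.php', 1000);
var_dump(verify_token($session, 'line_chart.php', $token, 1010)); // AJAX call with token
var_dump(verify_token($session, 'line_chart.php', $token, 1011)); // replay of same token
var_dump(verify_token($session, 'line_chart.php', '', 1012));     // URL typed into browser
$late = issue_token($session, 'line_chart.php', 1000);
var_dump(verify_token($session, 'line_chart.php', $late, 2000));  // token past its lifetime
```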
