security - _Post from one site


rickyj

From a security point of view, how is it possible to make sure that any POST data only comes from one site (that you define)?

For instance, if I had an example.MyRegistrationForm.php, which posts to example2.MyUserCreation.php

How could I make sure that the data is only posted from example.MyRegistrationForm.php?

I don't want to send this in the POST request (since a POST request can be manipulated); I need to find a way for example2.MyUserCreation.php to know it came from example.MyRegistrationForm.php

Any ideas?

Yeah, best idea is some sort of pseudo hash/blowfish (hash is overkill but would be fun)

(this will sound overkill)

On example.php generate a random number (in whatever form you like)

Make a hash for 2 way encryption

Store said value in a session called $_SESSION[$hashed] = $hashed;

Make a hidden form var

<input type="hidden" name="hash" value="<?php echo $hashed;?>" /> (make sure to close for tidiness)

Then on the second page say (append if you use a 2 way encryption)

if($_POST['hash'] != $_SESSION[$_POST['hash']])

{//Wasn't coming from the right}

else

{//Have fun you know it processed via your form on your server}

Note:

It's safe to use this method because the sessions are stored server side. Cookies could be modified, and if you really want to get security overkill, md5 the random key a few times

for($i=0; $i<250; $i++)

{$hash =md5($hash);}

Overkill to the extreme

How fast will it do that at that rate but?
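
The session token check described in the answer above, as an added example that is not part of the original thread: the form page stores a random token in the server-side session, and the handler accepts the POST only if the hidden field matches it. The function names are hypothetical and it assumes both scripts share one PHP session; it keeps the token under a fixed session key and compares with hash_equals, so a missing or empty field can never match an unset session entry.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Assumes the form page and the handler share one PHP session (same host).

/** Form page: create a fresh token and remember it server-side. */
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG; no md5 loop needed
    $session['form_token'] = $token;      // fixed key, never a key taken from the request
    return $token;
}

/** Handler page: accept the POST only if it carries this session's token. */
function check_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? null;
    $given    = $post['hash'] ?? null;
    unset($session['form_token']);        // single use: burned on every attempt
    if (!is_string($expected) || !is_string($given)) {
        return false;                     // form never loaded, or field missing / not a string
    }
    return hash_equals($expected, $given); // strict, constant-time comparison
}

// Constructed demo. In the real pages call session_start() and pass $_SESSION and $_POST.
$session = [];
$token = issue_form_token($session);
echo '<input type="hidden" name="hash" value="', htmlspecialchars($token), '" />', PHP_EOL;

var_dump(check_form_token($session, ['hash' => $token]));   // genuine submission
var_dump(check_form_token($session, ['hash' => $token]));   // same token replayed
issue_form_token($session);
var_dump(check_form_token($session, ['hash' => 'guessed'])); // wrong value
$fresh = [];
var_dump(check_form_token($fresh, ['hash' => '']));         // POST without loading the form
```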
