I have 1 JavaScript file that will post messages on Facebook. I can call this file using
{'message': 'This is a message'}
as POST parameters and it will publish it on Facebook.
It's l开发者_如何学运维ocation is /request/facebook.php
. Now I thought about this. Anyone can call this file and post messages on my Facebook account! How can I protect this file, so it can only be called from a few servers? I know their IP addresses. And how can I call it then from my own server (without the loss of security)?
IP restriction is a good start, but IP's change every once in awhile.
I would consider using a username/password or some sort. It doesn't need to be overly complex, as long as the transmission of the key/password is encrypted.
You need to implement some sort of security on your site, to prevent just anyone from invoking your server script. IP restriction is certainly viable.
精彩评论