开发者

PHP/Javascript security

开发者 https://www.devze.com 2023-03-18 03:10 出处:网络
I have 1 JavaScript file that will post messages on Facebook. I can call this file using {\'message\': \'This is a message\'}

I have 1 JavaScript file that will post messages on Facebook. I can call this file using

{'message': 'This is a message'}

as POST parameters and it will publish it on Facebook. It's l开发者_如何学运维ocation is /request/facebook.php. Now I thought about this. Anyone can call this file and post messages on my Facebook account! How can I protect this file, so it can only be called from a few servers? I know their IP addresses. And how can I call it then from my own server (without the loss of security)?


IP restriction is a good start, but IP's change every once in awhile.

I would consider using a username/password or some sort. It doesn't need to be overly complex, as long as the transmission of the key/password is encrypted.


You need to implement some sort of security on your site, to prevent just anyone from invoking your server script. IP restriction is certainly viable.

0

精彩评论

暂无评论...
验证码 换一张
取 消