I have a PHP script that gathers variables from a HTTP Post notificati开发者_运维百科on sent by PollDaddy. See here for more info on PollDaddy's API: http://support.polldaddy.com/http-post-notifications/
I am worried that if someone finds the URL to my PHP script, it could potentially be taken advantage of. (e.g. sending fake http post requests, or spamming with http post requests)
What are the best ways to secure this script and ensure that valid requests are only coming from PollDaddy?
Any help is appreciated!
It looks like you control the url that it goes to.
You could add a ?super_secret_key=randomstring
at the end of the url and check to make sure that exists in the $_GET
array on ever request.
However, at the end of the day, this security is based only on "Security Through Obscurity". There isn't really anything inherently "secure" about this method.
精彩评论