PHP

Question

I have fileA.php on SERVER_A and fileB.php on SERVER_B

fileB.php makes a curl request to fileA.php for it's contents

How can fileA.php determine that the request is coming specifically from fileB.php?

--

I was thinking about sending the $_SERVER['SCRIPT_NAME'] in fileB.php to fileA.php but since someone can go into fileB.php or any file in general and just do $_SERVER['SCRIPT_NAME'] = 'fileB.php'; it's not really that secure.

So how can I determine, for security reasons, that the request is coming from a specific file on a different server?

Ignacio Vazquez-Abrams · Accepted Answer

You can't, reliably. You can try setting a HTTP header and verifying that on the other side; it's not fool-proof, but it's better than most.

nickf · Answer

Why not set up a secret token, and verify it on the receiving end?

// fileB.php

$url = "http://example.com/fileA.php"
     . "?from=fileB"
     . "&token=" . sha1('fileB' . 'myaw3som3_salt!')
;
// then make the cURL request.


// fileA.php
if (sha1($_GET['from'] . 'myaw3som3_salt!') != $_GET['token']) {
    die();
}

This is a simplistic example here, but you get the idea.

PHP - How to determine if request is coming from a specific file

Tags:

security

server-variables

Mickey

2 Answers

Ignacio Vazquez-Abrams

nickf

Recent Activity

Donate For Us