Preventing PHP scripts used in a iPhone app from being access via web browser#1
I'm trying to get some more info on a question I posed on another thread.

Basically, I am using this method to pass parameters to a php script which returns values from a server:

NSString *urlstr = [[NSString alloc] initWithFormat:@"http://www.yourserver.com/yourphp.php?param=%d", paramVal];
NSURL *url = [[NSURL alloc] initWithString:urlstr];
NSString *ans = [NSString stringWithContentsOfURL:url];
// here in ans you'll have what the PHP side returned. Do whatever you want
[urlstr release];
[url release];


I then pose the question. How do you secure "http://www.yourserver.com/yourphp.php"? You can easily navigate to the same script (if you know the path) and pass in any parameters that you want. Am I missing something?

posted date: 2009-04-10 12:29:00


Re: Preventing PHP scripts used in a iPhone app from being access via web browser#2
I had made out the solution of this problem. Click to view my topic...

Hope that helps.

posted date: 2009-04-10 12:29:01


Re: Preventing PHP scripts used in a iPhone app from being access via web browser#3
Nope, you're not missing anything. Well, other than an auth framework. :) PHP isn't the best platform for securing a web application, but you might use Pear's Auth library.

posted date: 2009-04-10 12:44:00


Re: Preventing PHP scripts used in a iPhone app from being access via web browser#4
You could use a MAC of the outgoing data to send along. This avoids using a full-blown Auth framework (and sessions for that matter). This is, however, vulnerable to a repeat attack, but would certainly verify that the message originated from your application. http://en.wikipedia.org/wiki/Message_authentication_code

posted date: 2009-04-10 13:09:00


Re: Preventing PHP scripts used in a iPhone app from being access via web browser#5
Validate your input on the PHP side; if any input is valid, then generate a password and pass that along with the parameter to be validated against before taking any action. The password should be as temporary as possible, ideally based on a nonce from the server salted with some data the application generates (i.e. it's not stored) and the server knows beforehand.

posted date: 2009-04-11 04:25:00
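
Posts #4 and #5 together describe a MAC over the request plus a short-lived, server-issued nonce. The following is an added example, not code from any poster, showing that server-side check in PHP; the key, the function names, the in-memory nonce store and the assumption that param is a non-negative integer are all illustrative.

```php
<?php
// Added example, not code from the thread. All names here are hypothetical.
// The array passed as $store stands in for a server-side store with expiry.
const SHARED_KEY = 'constructed-demo-key-do-not-reuse'; // constructed value
const NONCE_TTL  = 60; // seconds a nonce stays valid (assumed)

function issue_nonce(array &$store, int $now): string {
    $nonce = bin2hex(random_bytes(16));
    $store[$nonce] = $now + NONCE_TTL;
    return $nonce;
}

// What the app computes before sending param, nonce and mac to the script.
function sign_request(string $param, string $nonce): string {
    return hash_hmac('sha256', $param . '|' . $nonce, SHARED_KEY);
}

function verify_request(array &$store, string $param, string $nonce,
                        string $mac, int $now): bool {
    // Validate the input first: param must be digits only.
    if (!ctype_digit($param)) {
        return false;
    }
    // The nonce must be one this server issued and has not yet seen used.
    if (!isset($store[$nonce])) {
        return false;
    }
    $expiry = $store[$nonce];
    unset($store[$nonce]); // single use: a captured request cannot be resent
    if ($now > $expiry) {
        return false;
    }
    // Constant-time comparison of the expected and received MAC.
    return hash_equals(sign_request($param, $nonce), $mac);
}

// Constructed demo: one genuine request, a resend of it, and a changed param.
$nonces = [];
$now    = time();
$nonce  = issue_nonce($nonces, $now);
$mac    = sign_request('42', $nonce);
var_dump(verify_request($nonces, '42', $nonce, $mac, $now)); // first use
var_dump(verify_request($nonces, '42', $nonce, $mac, $now)); // same request resent
$n2 = issue_nonce($nonces, $now);
var_dump(verify_request($nonces, '43', $n2, sign_request('42', $n2), $now)); // param changed after signing
```

A key compiled into the app can be recovered from the binary, so this check shows that the sender holds the key, not that the request came from an unmodified copy of the app.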


Re: Preventing PHP scripts used in a iPhone app from being access via web browser#6
The user agent and dummy params won't help at all, since it's trivial to sniff these and use them in, say, a web browser. You want something like what TK replied.

posted date: 2009-04-11 05:02:00


Re: Preventing PHP scripts used in a iPhone app from being access via web browser#7
Only advanced users know how to fool the user-agent; by adding this security layer you reduce the chances of undesired users accessing your PHP script.

posted date: 2009-04-11 12:45:00

