How can I reliably check that requests to my service file have come from my website?

Posted by woot586 on Stack Overflow
Published on 2011-01-08T10:27:53Z Indexed on 2011/01/08 10:53 UTC

I have a service.php class that I use to service AJAX calls from my website. To prevent other people accessing the service using PHP cURL, I would normally check that the request has come from mysite, and if it has not, just redirect to my home page, e.g.:

if($_SERVER['HTTP_REFERER'] != "http://www.mysite.com"){
   header('location: http://www.mysite.com');
   exit;
}

I read in the PHP holy bible:

http://www.php.net/manual/en/reserved.variables.server.php

that

"Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted."

So if this method is not reliable, my question is how can I reliably check that requests to my service file have come from my website?

Thanks for any help you can provide!
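
An added example, not part of the original post: the Referer comparison from the question beside a session-bound token check, run over three constructed requests. The function names and the `X-Service-Token` header are assumptions made for illustration.

```php
<?php
// Added example. Names and the X-Service-Token header are hypothetical.

// Call while rendering a page of the site; embed the token in the page so the
// site's JavaScript can send it back with each AJAX call.
function issue_token(array &$session): string {
    if (empty($session['service_token'])) {
        $session['service_token'] = bin2hex(random_bytes(32)); // 256-bit random value
    }
    return $session['service_token'];
}

// The comparison from the question (exact match), made safe for a missing header.
// The header value is chosen entirely by the client.
function referer_check(array $server): bool {
    return ($server['HTTP_REFERER'] ?? '') === 'http://www.mysite.com';
}

// The token sent with the request must equal the one stored in the session.
function token_check(array $session, array $server): bool {
    $expected = $session['service_token'] ?? '';
    $sent     = $server['HTTP_X_SERVICE_TOKEN'] ?? '';
    // hash_equals compares in constant time; an empty expected value never passes.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Constructed session and requests (stand-ins for $_SESSION and $_SERVER).
$session = [];
$token   = issue_token($session);

$requests = [
    // Referer typed in by a non-browser client, no token.
    'forged'     => ['HTTP_REFERER' => 'http://www.mysite.com'],
    // Browser on a page of the site: Referer carries the page URL, token attached.
    'genuine'    => ['HTTP_REFERER' => 'http://www.mysite.com/page',
                     'HTTP_X_SERVICE_TOKEN' => $token],
    // Browser or proxy that strips Referer, token attached.
    'no_referer' => ['HTTP_X_SERVICE_TOKEN' => $token],
];

foreach ($requests as $name => $server) {
    printf("%-10s referer_check=%-5s token_check=%s\n", $name,
        var_export(referer_check($server), true),
        var_export(token_check($session, $server), true));
}
```

In service.php the call would be `token_check($_SESSION, $_SERVER)` after `session_start()`. The token ties a request to a session that loaded a page from the site; a script that first fetches that page can still obtain one, so the check limits cross-site and casual use rather than proving a browser sent the request.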
