Hi,

I have bumped into a problem. I need to use a web service that is located on
server B from server A. The server B will execute a script when the web
service is accessed and an email is sent as a parameter. The problem is, if
I only have the email as incoming parameter, anyone can just figure out the
url for the web service, the name, and then just send the email to that
address.

To make this a little bit secure I set it up so two parameters are sent, the
email and a confirmation code. First I was just thinking to basically have a
password sent with, and if that is correct just execute the script. However,
due to server restrictions I can not run it on HTTPS, so that also loses
value.

So this is how I solved it:

I send a parameter with the request that is the email, some extra characters
and then MD5 on that. I do this on server A and then server B just checks if
it is the same resulting string. If so, we know it comes from server A
because that server is the only one that knows the extra characters used.

$authstring = md5("asdf".$email."fdsa");

Would this be hard to crack assuming that the one who cracks does not know
the characters that are used to generate the $authstring?

Maybe someone has experience with this? Or just a comment?

Best regards,

Peter Lauri

www.lauri.se <http://www.lauri.se/>  - personal web site

www.dwsasia.com <http://www.dwsasia.com/>  - company web site
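
An added example, not part of the original message: the token scheme from the post next to a keyed-MAC variant (HMAC-SHA256 over the email plus a timestamp), so that a request observed on the plain-HTTP link stops being accepted once it is stale. `SECRET`, `MAX_SKEW` and the function names are assumptions chosen for illustration.

```php
<?php
// Added example, not from the original post. SECRET, MAX_SKEW and the
// function names are assumptions made for illustration.
const SECRET   = 'replace-with-long-random-value'; // known to server A and B only
const MAX_SKEW = 300;                              // accept requests up to 5 minutes old

// Scheme from the post: the token depends only on the email, so it is
// identical on every request for that address and never expires.
function post_token(string $email): string
{
    return md5("asdf" . $email . "fdsa");
}

// Server A: keyed MAC over timestamp and email.
function sign_request(string $email, int $ts): string
{
    return hash_hmac('sha256', $ts . "\n" . $email, SECRET);
}

// Server B: reject stale timestamps, then recompute the MAC and
// compare it in constant time.
function verify_request(string $email, int $ts, string $mac, int $now): bool
{
    if (abs($now - $ts) > MAX_SKEW) {
        return false;
    }
    return hash_equals(sign_request($email, $ts), $mac);
}

$email = 'user@example.com'; // constructed sample input
$t0    = 1700000000;         // constructed timestamp
$mac   = sign_request($email, $t0);

// The post's token is the same on every call for one address.
var_dump(post_token($email) === post_token($email));
// Fresh request with matching email and timestamp.
var_dump(verify_request($email, $t0, $mac, $t0 + 10));
// Same request presented again an hour later.
var_dump(verify_request($email, $t0, $mac, $t0 + 3600));
// Same MAC presented with a different email.
var_dump(verify_request('other@example.com', $t0, $mac, $t0 + 10));
```

Inside the `MAX_SKEW` window an identical request is still accepted, so server B would also need to remember recently seen timestamp and email pairs to refuse duplicates. The email itself still travels unencrypted without HTTPS.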
