maybe have a client id that they need to send with each request and have the
checking script use that, instead of the ip or url, etc
From: Kevin Stone [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 13, 2002 10:32 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Limiting use on public scripts.
I have a growing list of simple PHP scripts which we allow our client's
to use on their websites. These are email scripts, postcard scripts,
event calendars, statistics tracking, etc... For maintenance and
upgrade purposes we host the scripts in a single location our main
account then allow our clients to link to them through forms or hotlinks
(or whatever method the script calls for).
What is the best way of going about securing these publicly accessible
scripts so that only our client's websites have access to them without
having to "gain" access via a login method, or publicly viewable
I could record their IP and passing all requests through a check script,
then redirect to the desired module. But IP addresses can change, be
spoofed, or be confused by proxy servers. We're taking on new clients
every week so I'd like to come up with something more reliable.
Ideas, links, tutorials, books.. any information will be appreciated.