Verify HTTP Post Notification from Polldaddy with PHP
I have a PHP script that gathers variables from an HTTP Post notification sent by PollDaddy. See here for more info on PollDaddy's API: http://support.polldaddy.com/http-post-notifications/
I am worried that if someone finds the URL to my PHP script, it could potentially be taken advantage of. (e.g. sending fake http post requests, or spamming with http post requests)
What are the best ways to secure this script and ensure that valid requests are only coming from PollDaddy?
Any help is appreciated!
It looks like you control the url that it goes to.
You could add a ?super_secret_key=randomstring at the end of the url and check to make sure that exists in the $_GET array on every request.
However, at the end of the day, this security is based only on "Security Through Obscurity". There isn't really anything inherently "secure" about this method.
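One way to implement the check described in the answer above, as an added example that is not code from the original post. The environment variable name POLL_NOTIFY_SECRET and the function name check_notification are assumptions made for illustration; the query parameter name is the one the answer uses.

```php
<?php
declare(strict_types=1);

// Assumption: the secret lives outside the code, in a hypothetical environment
// variable. Generate it once with bin2hex(random_bytes(32)) and append it as
// ?super_secret_key=... to the notification URL registered with PollDaddy.
const SECRET_ENV = 'POLL_NOTIFY_SECRET';

/**
 * Returns the HTTP status to answer with: 200 when the request carries the
 * expected key, otherwise the code to reject it with.
 */
function check_notification(array $server, array $get, string $expected): int
{
    if ($expected === '') {
        return 500; // fail closed when no secret is configured
    }
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 405; // notifications arrive as POST; refuse anything else
    }
    $supplied = $get['super_secret_key'] ?? '';
    if (!is_string($supplied)) {
        return 403; // ?super_secret_key[]=x arrives as an array, not a string
    }
    // hash_equals() compares in constant time, unlike == or ===
    return hash_equals($expected, $supplied) ? 200 : 403;
}

if (PHP_SAPI !== 'cli') {
    // Web request: reject before touching $_POST.
    $status = check_notification($_SERVER, $_GET, (string) getenv(SECRET_ENV));
    if ($status !== 200) {
        http_response_code($status);
        exit;
    }
    // Key matched: handle the notification fields from $_POST here.
} else {
    // Constructed sample requests, run with `php thisfile.php`.
    $secret = bin2hex(random_bytes(32));
    $post = ['REQUEST_METHOD' => 'POST'];
    var_dump(check_notification($post, ['super_secret_key' => $secret], $secret));  // int(200)
    var_dump(check_notification($post, ['super_secret_key' => 'guess'], $secret));  // int(403)
    var_dump(check_notification($post, ['super_secret_key' => ['x']], $secret));    // int(403)
    var_dump(check_notification(['REQUEST_METHOD' => 'GET'], ['super_secret_key' => $secret], $secret)); // int(405)
    var_dump(check_notification($post, [], ''));                                     // int(500)
}
```

Because the key travels in the URL, it is recorded in web server access logs and is only protected in transit when the endpoint is served over HTTPS.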