0

I have a php script in my application, this script should be triggered only by a js script from my application. Actually, I'm trying to convert js errors to php errors, so I intercept js errors and send them to a php script. The problem with this approach is that then anyone is able to use the php script as well (and possibly spam the service).

I'm looking for a general approach here or for ideas to make a secure service.

So far, I found those options:

  • create a unique php key that one (the js script) must send in order to "post" an error to the php script. That's my best option for now, but unfortunately, so far, no matter how complex my key, or logical secure system is, I cannot find a 100% "uncrackable" solution (I can make it pretty hard for a potential spammer though).

  • use the html5 FileSystem api, but the problem is that the files that we can write to are browser dependent. And then maybe watch for changes in those files, and notify php when a change is made.

Do you have other ideas in mind ?

ling
  • 9,545
  • 4
  • 52
  • 49
  • Try this: http://stackoverflow.com/questions/1780687/preventing-csrf-in-php – Cristofor Jun 10 '14 at 06:28
  • 1
    "I cannot find a 100% 'uncrackable' solution"... lots of people are looking for that one, too. If you put it in Javascript and send it back to the server, you'll always have someone who can get past it (just fake like you're a browser, request the page, and fake away.) –  Jun 10 '14 at 06:34
  • It is realy tough to find 100% uncrackable solution, but you can generate realy complex token like these way http://www.eschrade.com/page/generating-secure-cross-site-request-forgery-tokens-csrf/ – A l w a y s S u n n y Jun 10 '14 at 10:50

0 Answers0