I have a PHP script which updates a database. I want to be sure that no one else can call my script remotely and execute it.

I tried this code but it did not work; the referer was always empty because I use an HTTPS connection.

```php
if (strpos($_SERVER['HTTPS_REFERER'], 'linkedfilm.com') == false) 
{
    exit();
}
```

The server is an Apache server.

Thanks.

Daina Hodges
  • Maybe design a [RBAC](https://en.wikipedia.org/wiki/Role-based_access_control). User must be logged in and of a certain role (admin for example). – Jaquarh Jan 20 '19 at 13:53
  • Are you looking for this: https://stackoverflow.com/questions/51129624/protecting-sql-server-for-private-usage/51129788#51129788 ? – Shan Jan 20 '19 at 14:15

2 Answers

Hello Daina Hodges,

You have a few options to secure this .php script.

  1. You can secure this script by moving it into another directory outside of your DOCUMENT_ROOT
  2. You can add the .htaccess
  3. You can allow only local IP

Sebastian Waldbauer
  • or you can allow [only command-line access](https://stackoverflow.com/questions/942435/how-to-make-a-php-file-run-able-only-through-cli-mode) – Nikos M. Jan 20 '19 at 14:42
You could use .htaccess and put your script in a password protected directory.

Or you could use some sort of login and authentication routines on your site so you can login and access that script.

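Or you could pass a 'secret' key with your call to the script, quick and dirty:

```php
// Stop unless the caller supplied the shared secret (missing key handled, constant-time compare)
if (!hash_equals("mysecret", (string) ($_GET['secret'] ?? ''))) exit();
```
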
Matthew Page
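
An added example, not part of either answer or of the asker's code: a guard for the top of the script that combines the options suggested above (command-line only, local IP only, shared secret). The function name, the `X-Update-Secret` header, the `UPDATE_SECRET` environment variable and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; every name below is hypothetical, not from the page.
const ALLOWED_IPS = ['127.0.0.1', '::1'];   // "allow only local IP"

/** Decide whether this invocation may run the database update. */
function caller_is_allowed(string $sapi, array $server, string $expected): bool
{
    // Command-line runs (cron, admin shell) cannot be triggered over HTTP.
    if ($sapi === 'cli') {
        return true;
    }
    // REMOTE_ADDR is the TCP peer Apache saw. Unlike Referer it is not a
    // client-written header, but behind a local reverse proxy every request
    // shows 127.0.0.1, so the secret below is required as well.
    if (!in_array($server['REMOTE_ADDR'] ?? '', ALLOWED_IPS, true)) {
        return false;
    }
    // Secret travels in a header (assumed name) rather than the query string,
    // which would end up in access logs. hash_equals() is constant-time.
    $given = $server['HTTP_X_UPDATE_SECRET'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// Constructed sample requests: [PHP_SAPI value, $_SERVER contents].
$secret  = 'example-secret-change-me';
$samples = [
    'cron via CLI'           => ['cli', []],
    'local, right secret'    => ['apache2handler', ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_UPDATE_SECRET' => $secret]],
    'local, no secret'       => ['apache2handler', ['REMOTE_ADDR' => '127.0.0.1']],
    'remote, right secret'   => ['apache2handler', ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_UPDATE_SECRET' => $secret]],
    'remote, forged Referer' => ['apache2handler', ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_REFERER' => 'https://linkedfilm.com/']],
];
foreach ($samples as $label => [$sapi, $server]) {
    printf("%-24s %s\n", $label, caller_is_allowed($sapi, $server, $secret) ? 'allow' : 'deny');
}

// In the real script (secret assumed to be in the UPDATE_SECRET environment variable):
// if (!caller_is_allowed(PHP_SAPI, $_SERVER, getenv('UPDATE_SECRET') ?: '')) {
//     http_response_code(403);
//     exit;
// }
```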