Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a PHP script where it is pretty important that POST data is coming from a know source. Judging from ‘similar titles’ there is no real way to do this as headers can be spoofed. Can SERVER_ADDR be spoofed also? Could this be used as some sort of verification where data is being posted from?
Disregarding PHP, relying on the IP address the request seems to arrive from is a rather weak form of security. You should consider using HTTPS with individual client certificates handed out to each trusted source.
SSL might seem daunting at first, but what you need here is not complicated at all, and you’ll be gaining a valuable skill learning it.