Results 1 to 4 of 4

Thread: prevent unauthorized posting to a php page

  1. #1

    Thread Starter
    Still learning kebo's Avatar
    Join Date
    Apr 2004
    Location
    Gardnerville,nv
    Posts
    3,712

    prevent unauthorized posting to a php page

    Hey all,

    I have a little Arduino web web client I've build that posts data to a php page using http requests. The php page stuffs the data in the request to a database that resides behind my isp's firewall. This is all good and working.

    My question is how do I prevent some other application from making the same post and stuffing bogus data into the database?

    Do I need to encrypt the content? (I hope not because code space in the Arduino is worth more than my truck)
    Is there a way to know where the request came from? even if it's sent from a dynamic ip address?

    I could think of a few ways to do this, but would like to know the opinions of the community.

    Any insight or tips would be worth a dollar or 2 at least.
    thanks
    kevin

    ps the Arduino doesn't have the horsies to support HTTPS. I could move to the Arduino yun which does, but that is by far a distant alternative.
    Last edited by kebo; Jul 19th, 2016 at 06:13 PM.
    Process control doesn't give you good quality, it gives you consistent quality.
    Good quality comes from consistently doing the right things.

    Vague general questions have vague general answers.
    A $100 donation is required for me to help you if you PM me asking for help. Instructions for donating to one of our local charities will be provided.

    ______________________________
    Last edited by kebo : Now. Reason: superfluous typo's

  2. #2
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,606

    Re: prevent unauthorized posting to a php page

    How secure does this need to be? In other words, how sensitive is the data you're sending? If it's super sensitive, there's no question you'd want HTTPS. Otherwise you could just send a token to verify along with the data? Keep in mind that without HTTPS this will all be susceptible to sniffing and MITM.

    I'm not sure how this compares to HTTPS for resources usage (horsies), but maybe something like TOTP/HOTP? https://github.com/Spomky-Labs/otphp.
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

  3. #3

    Thread Starter
    Still learning kebo's Avatar
    Join Date
    Apr 2004
    Location
    Gardnerville,nv
    Posts
    3,712

    Re: prevent unauthorized posting to a php page

    yea, it's not "mission critical", but I don't like the idea of leaving my kimono wide open so anyone can see my bits. I was thinking about running the UTC time through a function and sending the time value and the output, then verify it on the PHP side with the same function. Kind of like a crc with a custom polynomial or something. TOTP/HOTP is new to me so I'll take a look and see if I can make it fit.
    thanks

    edit come to think of it, I probably could just crc the content with a custom poly and send that. That's probably what you meant by a token yea?
    Last edited by kebo; Jul 19th, 2016 at 07:30 PM.
    Process control doesn't give you good quality, it gives you consistent quality.
    Good quality comes from consistently doing the right things.

    Vague general questions have vague general answers.
    A $100 donation is required for me to help you if you PM me asking for help. Instructions for donating to one of our local charities will be provided.

    ______________________________
    Last edited by kebo : Now. Reason: superfluous typo's

  4. #4
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,606

    Re: prevent unauthorized posting to a php page

    I wasn't referring to anything specific, just some value that could be used to authenticate the request as coming from a valid client.
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width