问题
So I have an issue. I have a server, lets call it (testserver.net). Right now, to change the database, from my application, my app runs "testserver.net\add.php". The problem is anyone can run that and change things in my database. How do I make it that needs some sort of verification before running the code in add.php so no one can just have access to my server? (Like a password or something).
回答1:
create a token : 1MBASFDFACAUYTUG^%(!@UUIASNSR*_-+LASQWFVSA4QWYUI12670 ,save this token safely with in your application.
Whenever you want to call the add.php pass the token like :
testserver.net?token=1MBASFDFACAUYTUG^%(!@UUIASNSR*_-+LASQWFVSA4QWYUI12670
add.php
$secret = $_POST['secret']; //use post or get
if($secret != $mySavedSecret){
die('intruder!!')
}
回答2:
Place you add.php file in separate folder and password protect it, or you may use Password protect a specific URL solution
回答3:
You need to perform Authentication followed by Authorization. In PHP there are many frameworks which support this.
pls check this for basic authentication
https://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html
or you can use popular frameworks and follow their tutorials to perform this.
check this php micro framework Slim
来源:https://stackoverflow.com/questions/51129624/protecting-sql-server-for-private-usage