开发者

Verify HTTP Post Notification from Polldaddy with PHP

开发者 https://www.devze.com 2023-04-09 17:06 出处：网络

I have a PHP script that gathers variables from a HTTP Post notificati开发者_运维百科on sent by PollDaddy. See here for more info on PollDaddy\'s API: http://support.polldaddy.com/http-post-notificati

相关专题：http-post php security

I have a PHP script that gathers variables from a HTTP Post notificati开发者_运维百科on sent by PollDaddy. See here for more info on PollDaddy's API: http://support.polldaddy.com/http-post-notifications/

I am worried that if someone finds the URL to my PHP script, it could potentially be taken advantage of. (e.g. sending fake http post requests, or spamming with http post requests)

What are the best ways to secure this script and ensure that valid requests are only coming from PollDaddy?

Any help is appreciated!

It looks like you control the url that it goes to.

You could add a ?super_secret_key=randomstring at the end of the url and check to make sure that exists in the $_GET array on ever request.

However, at the end of the day, this security is based only on "Security Through Obscurity". There isn't really anything inherently "secure" about this method.