Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

can POST be detected

Posted on 2011-03-01
3
Medium Priority
?
320 Views
Last Modified: 2012-05-11
Im sending some info from a flash-file to a small PHP-script, both a larger string as POST and a small string as GET. My question is if a user through his browser or somewhere on his computer are able to see the url of the PHP-script, which by the way has another hostname, than the page from where its send from.
In that case is there a way to make sure that only POST or GET from a particular domain can send to the PHP-script.
0
Comment
Question by:petersego
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 14

Assisted Solution

by:Kalpan
Kalpan earned 750 total points
ID: 35006772
$_POST will never detected unless you set that using the session ie $_SESSION['val'] - $_POST['val'] and that session gets hacked.

try to use the following

http://stackoverflow.com/questions/4243657/someone-has-hacked-my-database-how-did-this-guy-do-it
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 750 total points
ID: 35013237
Anyone half-competent with a network sniffer or any one of a number of other tools for debugging HTTP traffic would be able to see the POST and the GET if they decided to look for it.

If you want to limit the addresses that can send a POST or GET to your script you would need to lock that down at the server with some sort of IP or Domain restriction or at a firewall in a similar manner.

Dave Dietz
0
 

Author Closing Comment

by:petersego
ID: 35080149
Thank you both.
Im not sure what is absolutely correct here, but I understand that it take some skills to detect.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A look at what happened in the Verizon cloud breach.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question