Solved

can POST be detected

Posted on 2011-03-01
3
308 Views
Last Modified: 2012-05-11
Im sending some info from a flash-file to a small PHP-script, both a larger string as POST and a small string as GET. My question is if a user through his browser or somewhere on his computer are able to see the url of the PHP-script, which by the way has another hostname, than the page from where its send from.
In that case is there a way to make sure that only POST or GET from a particular domain can send to the PHP-script.
0
Comment
Question by:petersego
3 Comments
 
LVL 14

Assisted Solution

by:Kalpan
Kalpan earned 250 total points
ID: 35006772
$_POST will never detected unless you set that using the session ie $_SESSION['val'] - $_POST['val'] and that session gets hacked.

try to use the following

http://stackoverflow.com/questions/4243657/someone-has-hacked-my-database-how-did-this-guy-do-it
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 250 total points
ID: 35013237
Anyone half-competent with a network sniffer or any one of a number of other tools for debugging HTTP traffic would be able to see the POST and the GET if they decided to look for it.

If you want to limit the addresses that can send a POST or GET to your script you would need to lock that down at the server with some sort of IP or Domain restriction or at a firewall in a similar manner.

Dave Dietz
0
 

Author Closing Comment

by:petersego
ID: 35080149
Thank you both.
Im not sure what is absolutely correct here, but I understand that it take some skills to detect.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now