Allow PHP to only output to a certain Java application

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
CallumA
Forum Newbie
Posts: 2
Joined: Mon Aug 15, 2011 6:55 pm

Allow PHP to only output to a certain Java application

Post by CallumA »

I would like to only allow my PHP code to output if it has verified that the request was sent from a certain Java application. I cannot think of anything.
The Java application requests a PHP page and the output is then used in the application but I want PHP to only output to the application if it is proven to PHP that it is my Java application and not someone who has decompiled the Java code and stolen the request, so that it is impossible for anything to communicate with the PHP code except the exact Java app.

My problem is that I am making something that could be abused if someone worked out how to request it and automate it to request a lot.

Sorry if that doesn't make sense, if you would like me to elaborate please ask.
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Allow PHP to only output to a certain Java application

Post by Weirdan »

Generally not possible. In a client-server architecture you never could be sure the client software was not changed when it's being run not under your control. So you should not assume you can.

What's your use-case, anyway? Why does the backend need to trust only specific client?
CallumA
Forum Newbie
Posts: 2
Joined: Mon Aug 15, 2011 6:55 pm

Re: Allow PHP to only output to a certain Java application

Post by CallumA »

I need this because the system could be abused if someone requested it in a browser or automated requests. It is a database for banning people who grief on Minecraft servers but if someone got the URL http://server.com/database/ban.php?user= then they could ban a lot of people quickly who shouldn't be banned.

A simple fix would be to only allow the Java useragent or other things in the headers but then that could be faked.
Post Reply