I would like to only allow my PHP code to output if it has verified that the request was sent from a certain Java application. I cannot think of anything.
The Java application requests a PHP page and the output is then used in the application but I want PHP to only output to the application if it is proven to PHP that it is my Java application and not someone who has decompiled the Java code and stolen the request, so that it is impossible for anything to communicate with the PHP code except the exact Java app.
My problem is that I am making something that could be abused if someone worked out how to request it and automate it to request a lot.
Sorry if that doesn't make sense, if you would like me to elaborate please ask.
Allow PHP to only output to a certain Java application
Moderator: General Moderators
Re: Allow PHP to only output to a certain Java application
Generally not possible. In a client-server architecture you never could be sure the client software was not changed when it's being run not under your control. So you should not assume you can.
What's your use-case, anyway? Why does the backend need to trust only specific client?
What's your use-case, anyway? Why does the backend need to trust only specific client?
Re: Allow PHP to only output to a certain Java application
I need this because the system could be abused if someone requested it in a browser or automated requests. It is a database for banning people who grief on Minecraft servers but if someone got the URL http://server.com/database/ban.php?user= then they could ban a lot of people quickly who shouldn't be banned.
A simple fix would be to only allow the Java useragent or other things in the headers but then that could be faked.
A simple fix would be to only allow the Java useragent or other things in the headers but then that could be faked.