I am new to php and still a little wet behind the ears so please be gentle with me!
I have developed a large MySQL database which I've made accessible to the public for browsing purposes.
I am concerned that someone might just rip off my whole database though and publish it elsewhere.
I've been told that someone could 'post' sequential variables to my form (perhaps using a php counter?) and then 'harvest' the subsequent output for repackaging into a database of their own.
Is this true or would they manually need to 'post'?
I have used if ($REQUEST_METHOD != "POST") on the form processing page to stop input directly from a url.
How could I prevent other folks from easily ripping off my database?
I have tried using a $HTTP_REFERER trap (ensuring that only queries from my domain name can get through) but I've discovered that this blocks quite a number of 'innocent' people from viewing the database for some reason.
Any ideas please?
Many thanks.
Ry.
How to stop someone running my php scripts from their server
Bennettman
As far as I know, the database should be safe from a full save as long as you have the viewing access in your own PHP page and don't provide any access to run SQL queries. If that's the case, I think the only real way of getting the database contents would be to have a program to analyse the HTML, or to do it manually (which you can't block without denying access to the 'base in the first place).
The solution I recommend is to restructure your entire operation. Rather than having others have direct DB access, why not output the things you are safe with everyone having into a txt file or HTML page and have them query that page for the info? (By that I mean use fopen() or whatever.)
There might be a solution for you to keep your current setup with a tighter clasp on who is accessing what, but even if there was, I recommend doing the more secure thing for your db and that is only allowing yourself to access it.
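An added example, not part of the thread and not any poster's code: a PHP form-processing check that keeps the POST-only test, lets requests with no Referer through (the header is optional and set by the client, so some browsers, proxies and privacy tools omit it), and counts lookups per client address to slow sequential harvesting. The per-address budget is a technique added here, and `allow_lookup`, `MAX_LOOKUPS`, `WINDOW_SECONDS` and the sample requests are hypothetical.

```php
<?php
// Added example, not code from the thread. Limits and names are assumptions.
const MAX_LOOKUPS = 30;     // assumed budget per client address per window
const WINDOW_SECONDS = 60;  // assumed window length

// Decide whether one lookup request should be served.
// $server mirrors $_SERVER; $hits is the counter store (an array here,
// a shared store such as a database table on a real site).
function allow_lookup(array $server, array &$hits, int $now): array
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [false, 'method'];
    }
    // Referer is optional and client-controlled: reject only one that is
    // present and names another host; an absent header is let through.
    $ref = $server['HTTP_REFERER'] ?? '';
    if ($ref !== '') {
        $host = parse_url($ref, PHP_URL_HOST);
        if (!is_string($host) || strcasecmp($host, $server['HTTP_HOST'] ?? '') !== 0) {
            return [false, 'referer'];
        }
    }
    // Fixed-window counter per client address.
    $ip = $server['REMOTE_ADDR'] ?? 'unknown';
    $slot = intdiv($now, WINDOW_SECONDS);
    if (($hits[$ip]['slot'] ?? null) !== $slot) {
        $hits[$ip] = ['slot' => $slot, 'count' => 0];
    }
    if (++$hits[$ip]['count'] > MAX_LOOKUPS) {
        return [false, 'rate'];
    }
    return [true, 'ok'];
}

// Constructed sample requests (documentation-range address and host).
$hits = [];
$now = 1700000000;
$base = ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => 'example.org', 'REMOTE_ADDR' => '192.0.2.10'];
$results = [];
$results[] = allow_lookup(['REQUEST_METHOD' => 'GET'] + $base, $hits, $now)[1];
$results[] = allow_lookup(['HTTP_REFERER' => 'http://other.example/form'] + $base, $hits, $now)[1];
for ($i = 0; $i < MAX_LOOKUPS + 1; $i++) {
    $last = allow_lookup($base, $hits, $now)[1];  // same client, no Referer sent
}
$results[] = $last;
echo implode("\n", $results), "\n";
```

A counter like this only raises the cost of bulk copying; anything a visitor can view one page at a time can still be collected slowly.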