Poor humor aside, I'm trying to figure out how I can ensure that I only respond to requests from 'licensed' clients. My first thought was to check $_SERVER['HTTP_REFERER'] to identify where the request was coming from and compare that to a URL stored in my clients table, but that doesn't work.
Client script:
Code: Select all
<?php
$Reply = file("http://www.myserver.ext/sandbox/eventsrv.php");
echo $Reply[0];
?>I COULD use $_SERVER['REMOTE_HOST'] to get the IP of the requesting server, but if multiple sites are on a shared server, then some unlicensed pages COULD access the data ... and if the IP of a site's server changes, a valid request could be denied.
Any thoughts on how I can check to see that a request is coming from someone who is paying to receive data from my server?
Thanks in advance for your help!
Jeff