best security for an url

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
highjo
Forum Contributor
Posts: 118
Joined: Tue Oct 24, 2006 1:07 pm

best security for an url

Post by highjo »

hello guys!
i've developed a kind of http server(a single page) to process the information posted by an smsc (sms gateway) to that page.i'ts was under ssl but it's not secure enough.a part from the database username/password and php http_authentication what is the best way to secure that url.thanks for reading.any idea any articles, i'll be more that grateful if you can point me to the right way of realizing that.thanks
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: best security for an url

Post by Apollo »

Can you give an example, exactly what are you trying to do (more) securely?

Besides relying on a username/password, encrypting the data you're sending probably won't hurt?
User avatar
highjo
Forum Contributor
Posts: 118
Joined: Tue Oct 24, 2006 1:07 pm

Re: best security for an url

Post by highjo »

thanks for the fast reply. a user would have to sms to a short code for example 2233 and the sms gateway will send (by post or get can't remember since i use $_REQUEST[])it to a page for example

Code: Select all

http://mydomain/smsc/processrequest.php?text=Registeredgatewaycode(space)Mysercidecode(space)PIN(space)OtherParams&sender=themobilephonenumber
this is the simplest one.so the text param is the content of the sms of the user it has for example a code from the smsc, a code that i assign to the service the user is posting to ,the pin code of the user and other params.the sender is the number of the handset that sent the sms.hope it's clear now.
User avatar
highjo
Forum Contributor
Posts: 118
Joined: Tue Oct 24, 2006 1:07 pm

Re: best security for an url

Post by highjo »

that's basically that.i'm wondering adding 2 other params username and password that will have to be store in the database.But that too seem so simple for me
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: best security for an url

Post by kaisellgren »

I am finding it hard to understand what you want. Are you afraid of forged requests? How about you enter a secret key code only known by the SMSC and your website? Then no one can forge requests without knowing this key. Furthermore, send HTTP requests only through a secure connection.

The site should be able to connect back to the SMSC and ask whether the request was valid. I'm not sure how you talk to it, so, you might need to improvise.
gregor171
Forum Newbie
Posts: 22
Joined: Thu Apr 16, 2009 5:09 pm
Location: Ljubljana, Slovenia

Re: best security for an url

Post by gregor171 »

I liked the key idea.
I was wondering, wouldn't it be better to POST this content instead of GET?
temidayo
Forum Contributor
Posts: 109
Joined: Fri May 23, 2008 6:17 am
Location: Nigeria

Re: best security for an url

Post by temidayo »

highjo wrote:thanks for the fast reply. a user would have to sms to a short code for example 2233 and the sms gateway will send (by post or get can't remember since i use $_REQUEST[])
You may want to take a look at this thread on using $_REQUEST:
viewtopic.php?f=34&t=97820
I know $_GET will be convenient for you and you don't want to rule out $_POST.

It is expected that you validate your user, so username and password will not be a bad idea.
Combination of username and password stored in your database may serve as the key you require
for the validation.
david64
Forum Commoner
Posts: 53
Joined: Sat May 02, 2009 8:12 am
Location: Wales

Re: best security for an url

Post by david64 »

Likewise not sure what you are wanting. There is something called mcrypt in PHP, which allows you to encrypt-decrypt stuff using a key. That might be what you want.
Raimo Roopertti
Forum Newbie
Posts: 6
Joined: Wed Apr 22, 2009 4:23 am

Re: best security for an url

Post by Raimo Roopertti »

Hi,

Through this site you can know about the best security for an url:
.windowsecurity.com/
.wown.com
.petri.co.il/
.visualwin.com
Post Reply