仅允许通过应用程序访问PHP文件 [英] Only allow access to PHP file through application
问题描述
我有一个PHP文件,该文件查询数据库,然后将XML格式的信息返回给我的应用程序。现在,如果我只是在浏览器中转到URL,然后在URL中输入适当的参数,则信息将立即显示给我。有没有办法让我只能通过应用程序(iOS和Android)访问PHP页面?我已经搜索过,唯一能找到的就是只能通过include来访问该页面,但是如果有人发现包含该文件的php页面,我看不出这将如何限制访问。
I have a PHP file that queries my database and then returns information in XML format back to my application. Right now, if I just go to the URL in the browser and put in the proper parameters in the URL, the information is shown right to me. Is there a way that I can make the PHP page ONLY accessible through the application(iOS and Android)? I have searched, and the only thing that I can find is making the page only accessible through includes, but I don't see how this would restrict the access if the person figured out the php page that included the file. Any suggestions are appreciated!
谢谢
推荐答案
几乎所有限制
基本方法是保留URL秘密。如果只有应用程序知道它,那么只有该应用程序可以对其发出请求。其他任何事情(密码,API密钥,自定义HTTP标头,用户代理嗅探等)都只是围绕同一概念的复杂性。
The basic approach would be "Keep the URL secret". If only the application knows about it, then only the application can make a request to it. Anything else (passwords, API keys, custom HTTP headers, user-agent sniffing, etc) is just complexity around the same concept.
通过HTTPS而不是HTTP进行请求
Making the request over HTTPS instead of HTTP will protect the secret from exposure to sniffing.
没有什么可以使您免于反编译。
Nothing can save you from decompilation though.
这篇关于仅允许通过应用程序访问PHP文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!