接受POST只从自己的服务器 [英] accept POST from only own server

问题描述

我已经开发了PHP的一个项目现在我需要处理已被送往从我自己的服务器的POST数据！
怎么办呢？
REFERRER不是一个解决方案，因为它可以阻止/删除或轻易改变！
有code停止它的的.htaccess

i have developed a project in PHP now i need to process those POST DATA which have been sent from my own server !
how to do it ?
REFERRER is not a solution, as it can be blocked/removed or changed easily !
is there code to stop it in .htaccess ?

推荐答案

您可以尝试使用加密的随机数< /一>：典型的客户机 - 服务器在一个基于随机数的认证过程包括在服务器随机数和客户端随机数通信（此客户端随机数可以使用随机数构建从服务器recived）。

You could try to use cryptographic nonce : Typical client-server communication during a nonce-based authentication process including both a server nonce and a client nonce ( this client nonce could be built using the nonce recived from the server ) .

现在，这并不能让你超级安全（因为会有人会是谁能够绕过这个比较容易），这将是更难最floks做一个职位，你网站

Now this doesn't make you super secure ( as there will be people who would be able to bypass this rather easy ) it will be harder for most floks to make a post to you're website .

（此图片显示如何使用随机数在authetification的过程，但是你可以使用它的非鉴别的目的）

( this image shows you how to use nonces in an authetification process , however you could use it for non authentification purposes )

这篇关于接受POST只从自己的服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！