I am working on an app which works like a charm, but I have bad thoughts about the safety.
I actually fetch a lot of data through AJAX requests via .php files on my server.
Now everything works as expected, but I want to know if there is any way to only allow my app to read the .php files. Is there any way I can identify my Construct 2 project to my PHP scripts so the script won't be accessible by browser but only by my app?
My method at this moment is very straightforward and everything but safe:
AJAX > Request - domain.com/scripts/phpfile.php?variable1=1&variable2=2
In the PHP code I connect to my database, get my info and echo it back.
For now this is great to test everything and set up a working project, but as you know you can simply access the PHP scripts once you know where they are, and for that I do not feel safe. Someone with bad intentions could crap up the complete database with no hassle at all.
Any good solutions?
Start by ensuring that your file permissions in Linux are correct (or Windows). Make sure that the php files belong to the root or admin user and are permissioned only for read & execute access by your Apache HTTPD user.
Other than that, I don't know how dextrous you are with server-side networking, but you can use proxy systems to limit access to your files.
You could go even further and have intrusion prevention systems and firewalls on various levels of proxy servers.
Some auxiliary resources:
https://www.owasp.org/index.php/PHP_Sec ... heat_Sheet
http://www.symantec.com/connect/article ... -step-step
http://www.cyberciti.biz/tips/php-secur ... orial.html
https://web.nvd.nist.gov/view/ncp/repos ... tail?id=94
Oh and make sure you use prepared statements for all of your database accesses!!
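The prepared-statement advice above, applied to a request like the one in the question, as an added example that is not part of the original posts. The `scores` table, its columns and the meaning given to `variable1` and `variable2` are assumptions, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Added example. SQLite in memory stands in for the real database so the
// script runs offline; table, columns and rows are constructed.
function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE scores (player_id INTEGER, level TEXT, points INTEGER)');
    $pdo->exec("INSERT INTO scores VALUES (1, 'forest', 500), (1, 'cave', 900), (2, 'forest', 100)");
    return $pdo;
}

// $query plays the role of $_GET for phpfile.php?variable1=...&variable2=...
function handleRequest(PDO $pdo, array $query): array
{
    // variable1 is assumed to be a numeric id: reject anything else up front.
    $playerId = filter_var($query['variable1'] ?? null, FILTER_VALIDATE_INT);
    // variable2 is assumed to be a short text value.
    $level = $query['variable2'] ?? null;
    if ($playerId === false || !is_string($level) || strlen($level) > 32) {
        return ['status' => 400, 'body' => ['error' => 'bad request']];
    }

    // Placeholders keep the request values out of the SQL text entirely;
    // the driver sends them as data, so quotes in $level change nothing.
    $stmt = $pdo->prepare(
        'SELECT points FROM scores WHERE player_id = :player AND level = :level'
    );
    $stmt->bindValue(':player', $playerId, PDO::PARAM_INT);
    $stmt->bindValue(':level', $level, PDO::PARAM_STR);
    $stmt->execute();

    return ['status' => 200, 'body' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

$pdo = openDemoDb();
$samples = [ // constructed requests
    ['variable1' => '1', 'variable2' => 'cave'],            // normal request
    ['variable1' => '1', 'variable2' => "cave' OR '1'='1"], // quote is matched literally
    ['variable1' => 'abc', 'variable2' => 'cave'],          // fails validation
];
foreach ($samples as $query) {
    echo json_encode(handleRequest($pdo, $query)), PHP_EOL;
}
```

With the MySQL PDO driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared by the server rather than emulated in the client.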