I am working on a app which works like a charm but i have bad thoughts about the safety.
I actually fetch a lot of data trough AJAX requests via .php files on my server.
Now everything works as expected but i want to know if there is any way to only allow my app reading the .php files. Is there any way i can identify my Construct 2 project to my php scripts so the script won't be accessible by browser but only by my app?
My method at this moment is very straightforward and everything but safe:
AJAX > Request - domain.com/scripts/phpfile.php?variable1=1&variable2=2
As in the PHP code i connect to my database, get my info and echo it back.
For now this is great to test everything and set up a working project but as you know you can simply access the php scripts once you know where they are and for that i feel not safe. Some one with bad intentions could crap up the complete database with no hassle at all.
Any good solutions?