How do I only allow my app to access my ajax requests

Get help using Construct 2

Post » Sat Jan 23, 2016 6:29 pm


I am working on a app which works like a charm but i have bad thoughts about the safety.

I actually fetch a lot of data trough AJAX requests via .php files on my server.

Now everything works as expected but i want to know if there is any way to only allow my app reading the .php files. Is there any way i can identify my Construct 2 project to my php scripts so the script won't be accessible by browser but only by my app?

My method at this moment is very straightforward and everything but safe:
AJAX > Request -

As in the PHP code i connect to my database, get my info and echo it back.

For now this is great to test everything and set up a working project but as you know you can simply access the php scripts once you know where they are and for that i feel not safe. Some one with bad intentions could crap up the complete database with no hassle at all.

Any good solutions?

Posts: 181
Reputation: 2,551

Post » Tue Jan 26, 2016 4:26 pm

Start by ensuring that your file permissions in Linux are correct (or Windows). Make sure that the php files belong to the root or admin user and are permissioned only for read & execute access by your Apache HTTPD user.

Other than that, I don't know how dextrous you are with server-side networking, but you can use proxy systems to limit access to your files.

You could go even further and have intrusion prevention systems and firewalls on various levels of proxy servers.

Some auxiliary resources: ... heat_Sheet ... -step-step ... orial.html ... tail?id=94

Oh and make sure you use prepared statements for all of your database accesses!!
I don't check the forums much anymore, but I will receive an email for PMs.

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
Posts: 1,419
Reputation: 4,867

Return to How do I....?

Who is online

Users browsing this forum: No registered users and 3 guests