-1
I am developing a very basic system, just for study. During development, a question came up. In my system I have a page called register Customer.php that, when a form is submitted, executes an SQL call to register a new client. However, nothing there protects it: anyone has access to this page and can register customers just by sending a POST. I saw that it is possible to use .htaccess to protect it, but I ask myself, is this the only way? Could I use a kind of token that only authorizes users who have submitted this form from my page? Or one that does not allow the user to access the script directly (by entering the link)?
Edgar, this looks very much like something that will suffer SQL injection. Is it personal or professional? If it is personal, put in a bullshit solution. But at first glance it seems very insecure.
– Panda
It’s personal, just for study purposes
– Edgar
@Panda I think the problem is not (only) this. What he seems to want is to create an authentication system, where only "authorized persons" (by some arbitrary criterion decided by him) could register Customer. Honestly, there are several posts about it, both on Stack Overflow and elsewhere. You already mention a solution ("You could use a token that only authorizes users who have submitted this form from my page"), so why didn’t you try it? If it’s for study, what will you learn if we simply deliver the ready answer?
– Inkeliz
All right, say I use a token, but how could I send it safely? The form is sent via AJAX (contained on the same page).
– Edgar
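The token idea discussed in this thread, as an added example that is not part of the original question or comments: the form page stores a random token in the session and embeds it, and the script receiving the AJAX POST compares the echoed value before running any SQL. The function names, the `form_token` session key and the `X-Form-Token` header are assumptions. A token like this only shows that the POST came from a page served in the same session; deciding who may register customers still needs a login, and both the page and the POST should travel over HTTPS.

```php
<?php
// Added example (hypothetical names throughout): a per-session token that the
// form page embeds and the AJAX POST must echo back, e.g. in an X-Form-Token header.

// Called when rendering the form page: create the token once per session.
function issue_form_token(array &$session): string
{
    if (empty($session['form_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded to 64 characters.
        $session['form_token'] = bin2hex(random_bytes(32));
    }
    return $session['form_token'];
}

// Called by the script that receives the POST, before any SQL is run.
function is_valid_form_token(array $session, ?string $submitted): bool
{
    $expected = $session['form_token'] ?? '';
    if ($expected === '' || $submitted === null || $submitted === '') {
        return false; // no form page was served in this session, or no token sent
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// In the real scripts (assumed wiring):
//   session_start();
//   $token = issue_form_token($_SESSION);            // form page, put into the HTML
//   $sent  = $_SERVER['HTTP_X_FORM_TOKEN'] ?? null;  // receiving script
//   if (!is_valid_form_token($_SESSION, $sent)) { http_response_code(403); exit; }

// Constructed demonstration, with plain arrays standing in for $_SESSION.
$session = [];
$token = issue_form_token($session);

$cases = [
    'POST from the form page'         => is_valid_form_token($session, $token),
    'direct POST without a token'     => is_valid_form_token($session, null),
    'token replayed in a new session' => is_valid_form_token([], $token),
    'guessed token'                   => is_valid_form_token($session, str_repeat('0', 64)),
];

foreach ($cases as $label => $accepted) {
    echo str_pad($label, 34), $accepted ? 'accepted' : 'rejected', PHP_EOL;
}
```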