Answer the question
In order to leave comments, you need to log in
A
A
akdes2017-05-29 20:23:10
akdes, 2017-05-29 20:23:10
Is it safe to use $_SERVER['REMOTE_ADDR'] for API access?
Good afternoon.
I am writing a small API for two services
1. Admin
2. Frontend
. soon Frontend will be divided into several services, I want to provide for this in the API: I
thought to give access by the Key and the address where the request comes from. Those. in the database there is a bunch of API_Token and RemoteAdress "myApp.com" or "127.0.0.2" from $_SERVER['REMOTE_ADDR']
hence the question, how safe is this solution?
Can anyone suggest a smarter/secure IP/Domain access control solution?
And how realistic is it if requests come from Angular (IP-Uzver and not App-Server) for example? You need to write a "Request-Forwarder" that hangs over Angular and sends further requests to the service...
Purpose: To prevent the use of APIs from outside, with the exception of Whitelisted.
Thanks in advance for your experience and advice.
1 answer(s)
@xmoonlight
Two conflicting rules.
You can give:
1. public (when the token is not needed). 2. authorized
access (when the client has already logged in and received a token for accessing the API, then accessed the API, signing the request with the issued token at logon)
channel: mail or something else)
There are no other options for the API.
X
xmoonlight, 2017-05-29 @xmoonlight
if requests come from Angular for example (IP-Uzver and not App-Server)
Two conflicting rules.
You can give:
1. public (when the token is not needed). 2. authorized
access (when the client has already logged in and received a token for accessing the API, then accessed the API, signing the request with the issued token at logon)
channel: mail or something else)
There are no other options for the API.
Similar questions
A
D
B
M
P
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question