I've written some PHP scripts to do some server-side work on a headless linux server machine on a LAN. For example, I have http://ipadress/php/operations.php?operation=registerUser&uName=X&uAlias=Y
. Now, I want to secure my operations script so that; not everyone on LAN can call it and/or run it but; only the ones that ... have a pre-shared key...? This is the point I'm stuck at, requiring a pre-shared key through a GET/POST parameter would be easisest and probably the worst solution. What is/are a more secure way(s) of achieving client-limitation on php scripts?
(I'm thinking of maybe requiring a crypted key file from client when starting the session, and denying access to everybody who havent started a scure session...? That's just me theoratically thinking, have no idea where to start to do it in php.)
edit: I clealrly remember writing "requiring a pre-shared key through a GET/POST parameter would be easisest and probably the worst solution." at my original post, so please kindly stop answering with this same thing over and over again.
edit2: to clear things up: the operations.php is called by a program on client machines on same LAN. I dont want any non-client or stranger machine to use operations.php and dont want anyone to be able to access it through browser. I require some kind of security/authentication method to prevent that. I'm not looking for login forms or simple HttpAuths... Also, I cant just simply put limitations over IP adresses because; it's just not practical and kinda worse than hard coded non crypted passwords...