We have a web application on a domain. Now another domain will use this application by doing a 301 redirection to the former domain. What are ways to safeguard the app so that no one can access it directly? A referrer check is one way, but it is not reliable.
+1
A:
You could require a key and a hash to be passed along to your webapp in the redirect. The redirecting app generates the key, hashes it with a shared secret, and then passes the key and the hashed value to your webapp. Your webapp hashes the key with the shared secret and if it's equal to the hashed value that was provided, access is allowed.
scompt.com
2010-06-09 13:32:43
Nice, but how do you pass a key and a hash built at runtime using a 301 redirect?
bogdanvursu
2010-06-09 14:35:00
`header('Location: http://www.example.com/?key='.$key.'&hash='.$hash); die;`
scompt.com
2010-06-09 19:58:53
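Both sides of the scheme from the answer above, as an added example that is not part of the original posts. It goes beyond the answer in two labelled ways: HMAC-SHA256 replaces a plain hash of key plus secret, and a timestamp is signed as well so a copied URL stops working. The `ts` parameter, the secret value, the 60-second window and the function names are assumptions.

```php
<?php
// Added example: the secret, TTL, 'ts' parameter and function names are assumptions.
const SHARED_SECRET = 'replace-with-a-long-random-secret'; // provisioned on both servers
const MAX_AGE = 60;                                        // seconds a signed URL stays valid

// Redirecting domain: build the target URL carrying key, timestamp and MAC.
function build_redirect_url(string $base, int $now): string
{
    $key  = bin2hex(random_bytes(16)); // fresh random key for every redirect
    $hash = hash_hmac('sha256', $key . '|' . $now, SHARED_SECRET);
    return $base . '?' . http_build_query(['key' => $key, 'ts' => $now, 'hash' => $hash]);
}

// Web application: recompute the MAC from the query parameters and compare.
function is_valid_request(array $query, int $now): bool
{
    foreach (['key', 'ts', 'hash'] as $name) {
        if (!isset($query[$name]) || !is_string($query[$name])) {
            return false; // parameter missing or passed as an array
        }
    }
    if (!ctype_digit($query['ts']) || abs($now - (int) $query['ts']) > MAX_AGE) {
        return false; // malformed timestamp or URL older than MAX_AGE
    }
    $expected = hash_hmac('sha256', $query['key'] . '|' . $query['ts'], SHARED_SECRET);
    return hash_equals($expected, $query['hash']); // constant-time comparison
}

// Demonstration with constructed values. In deployment the redirecting domain
// would send: header('Location: ' . $url, true, 301); exit;
$url = build_redirect_url('http://www.example.com/', time());
parse_str(parse_url($url, PHP_URL_QUERY), $query);

var_dump(is_valid_request($query, time())); // URL exactly as issued

$query['key'] = 'tampered';
var_dump(is_valid_request($query, time())); // key changed after signing
```

A 301 response is cacheable by default, so the redirecting domain should send `Cache-Control: no-store` with it; otherwise the browser can reuse a signed URL that has already expired. Within the validity window the URL can still be replayed by anyone who sees it.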