maybe have a client id that they need to send with each request and have the checking script use that, instead of the ip or url, etc
-----Original Message----- From: Kevin Stone [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 13, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: [PHP] Limiting use on public scripts. I have a growing list of simple PHP scripts which we allow our client's to use on their websites. These are email scripts, postcard scripts, event calendars, statistics tracking, etc... For maintenance and upgrade purposes we host the scripts in a single location our main account then allow our clients to link to them through forms or hotlinks (or whatever method the script calls for). What is the best way of going about securing these publicly accessible scripts so that only our client's websites have access to them without having to "gain" access via a login method, or publicly viewable username. I could record their IP and passing all requests through a check script, then redirect to the desired module. But IP addresses can change, be spoofed, or be confused by proxy servers. We're taking on new clients every week so I'd like to come up with something more reliable. Ideas, links, tutorials, books.. any information will be appreciated. Thanks! -- Kevin Stone [EMAIL PROTECTED] www.helpelf.com <http://www.helpelf.com/>
