News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Abhinav Singh's Blog:
How to add content verification using hmac in PHP
December 08, 2009 @ 10:39:24

If you've ever wants an easy "drop in" kind of solution for helping to protect a portion of your site, you should check out this new post from Abhinav Singh about using the has_hmac functionality to do just that.

Many times a requirement arises where we are supposed to expose an API for intended users, who can use these API endpoints to GET/POST data on our servers. But how do we verify that only the intended users are using these API's and not any hacker or attacker. In this blog post, I will show you the most elegant way of adding content verification using hash_hmac (Hash-based Message Authentication Code) in PHP. This will allow us to restrict possible misuse of our API by simply issuing an API key for intended users.

You set up a private and public key for each of the users wanting to connect to the resource. They can then use the hmac functionality to set those over to the requesting page as a part of the message (GET/POST) where the public key is used to check the validity of the request and either allow or deny it.

0 comments voice your opinion now!
content verification hmac hash tutorial


blog comments powered by Disqus

Similar Posts

Derick Rethans' Blog: Using OpenStreetMap tiles with Flickr

AjaxRay.com: Setting up Database testing with Kohana UnitTest module

DevShed: Searching and Replacing Nodes with SimpleXML in PHP 5 (Part 3)

Zend Framework By Examples: Handling dates and times (Zend_Date)

DevShed: The Sleep and Wakeup Magic Functions in PHP 5


Community Events





Don't see your event here?
Let us know!


series api symfony interview tips community zendserver deployment framework release bugfix laravel threedevsandamaybe list voicesoftheelephpant language conference code introduction podcast

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework