Protecting the DataFeed page

bdogsputnikbdogsputnik Member
in Bugs & Feature Requests edited December 2007
I'm concerned that someone might find my datafeed page and hack it. Any suggestions on how to insure that it only receives requests from my foxycart account?
Comments
  • brettbrett FoxyCart Team
    So long as you keep your key a secret you should be fine (assuming your code is otherwise safe). If somebody sends you a bunch of data but they don't know your key, you shouldn't have any problems (unless you're doing something funky in evaluating the data).

    You could probably check the IP before you do anything, and DIE if it doesn't match. Only potential problem would be if we change our IPs, which may very well happen at some point in 2008 as we rearrange our servers.

    You could also stick it in a subfolder and use .htaccess restrictions based on IP.

    Will either of those methods work for you?
  • Well since I'm using it inside MODx the subfolder doesn't really work.

    The IP sounds good, but I'd be concerned about the future update.

    Sounds like the key covers it for now, I only run anything on the data coming through the XML so that should take care of it.

    Thanks!
Sign In or Register to comment.