Foxy Forum Status

We're no longer responding to questions via our forum, but we will keep it up for historical reasons. If you can't find the answer you're looking for, please visit our knowledge base or contact us. If there's enough interest in the future, we may bring the forum back.

Protecting the DataFeed page

bdogsputnikbdogsputnik Member
in Bugs & Feature Requests edited December 2007
I'm concerned that someone might find my datafeed page and hack it. Any suggestions on how to insure that it only receives requests from my foxycart account?
  • brettbrett FoxyCart Team
    So long as you keep your key a secret you should be fine (assuming your code is otherwise safe). If somebody sends you a bunch of data but they don't know your key, you shouldn't have any problems (unless you're doing something funky in evaluating the data).

    You could probably check the IP before you do anything, and DIE if it doesn't match. Only potential problem would be if we change our IPs, which may very well happen at some point in 2008 as we rearrange our servers.

    You could also stick it in a subfolder and use .htaccess restrictions based on IP.

    Will either of those methods work for you?
  • Well since I'm using it inside MODx the subfolder doesn't really work.

    The IP sounds good, but I'd be concerned about the future update.

    Sounds like the key covers it for now, I only run anything on the data coming through the XML so that should take care of it.

Sign In or Register to comment.