The Slim Framework support forum has moved to http://discourse.slimframework.com. This Tender forum is no longer maintained or monitored.

Security


Bryan Spann

19 Aug, 2015 09:10 PM

Hello,

I am new to Slim (about 3 hours). I do have the application working (YAY!), however pretty much anyone in the world can use the API once they have discovered the path? I work for a Dr.'s office, and naturally all data being passed around has to be locked down....what I was hoping was that I could lock down the index.php page by use of the .htaccess file, only allowing the local IP to use it; that did not seem to work...I really don't want to have to use OAuth. I was hoping there was a private and public definition for the endpoints but I am not seeing that anywhere either...any help at this point would be great!

  1. 1 Posted by egor.gruzdev on 22 Aug, 2015 07:17 AM

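    $app->add(function (\Slim\Http\Request $request, \Slim\Http\Response $response, $next) {
        // Only requests from the local machine are passed on to the routes.
        if ($request->getIp() === '127.0.0.1') {
            // The next layer is invoked with the request and response only.
            $response = $next($request, $response);
        } else {
            // Refuse everyone else with 403 instead of the default 200 status.
            $response = $response->withStatus(403);
            $response->getBody()->write('in dosutpe denied');
        }

        return $response;
    });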
    
  2. 2 Posted by bspann6 on 22 Aug, 2015 01:14 PM


    Awesome,  thank you! 


  3. 3 Posted by richardcgeddes on 17 Sep, 2015 03:56 PM


    If what you're protecting is valuable, IP/MAC address filtering for security is at best a weak form of security, vulnerable to IP/MAC spoofing attacks. You're better off using decent authentication in combination.
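An added example, not part of the original thread: one way to combine the IP allow-list from the first reply with the authentication the last reply recommends, written as Slim 3 style middleware over the PSR-7 request. The header name `X-Api-Key`, the environment variable `API_KEY`, and the helper `authorizeRequest()` are assumptions chosen for illustration.

```php
<?php
// Added example; X-Api-Key, API_KEY and authorizeRequest() are hypothetical names.

/** Returns the HTTP status for a request: 200 to proceed, 403 or 401 to refuse. */
function authorizeRequest(array $serverParams, string $presentedKey, array $allowedIps, string $expectedKey): int
{
    // REMOTE_ADDR is the TCP peer seen by the web server. Headers such as
    // X-Forwarded-For are supplied by the client and are not consulted here.
    $peer = $serverParams['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $allowedIps, true)) {
        return 403;
    }
    // Fail closed when no key is configured; hash_equals() compares in constant time.
    if ($expectedKey === '' || !hash_equals($expectedKey, $presentedKey)) {
        return 401;
    }
    return 200;
}

$allowedIps  = ['127.0.0.1', '::1'];
$expectedKey = (string) getenv('API_KEY'); // empty string when the variable is unset

// Middleware closure; in the application it is registered with $app->add($guard).
$guard = function ($request, $response, $next) use ($allowedIps, $expectedKey) {
    $status = authorizeRequest(
        $request->getServerParams(),
        $request->getHeaderLine('X-Api-Key'),
        $allowedIps,
        $expectedKey
    );
    return $status === 200 ? $next($request, $response) : $response->withStatus($status);
};

// Constructed sample inputs exercising each outcome of the decision function.
$key   = 'constructed-sample-key';
$cases = [
    'local peer, correct key' => [['REMOTE_ADDR' => '127.0.0.1'], $key],
    'local peer, wrong key'   => [['REMOTE_ADDR' => '127.0.0.1'], 'guess'],
    'remote peer, forged XFF' => [['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'], $key],
    'local peer, no key set'  => [['REMOTE_ADDR' => '127.0.0.1'], ''],
];
foreach ($cases as $label => [$server, $presented]) {
    $expected = $label === 'local peer, no key set' ? '' : $key;
    printf("%-26s => %d\n", $label, authorizeRequest($server, $presented, $allowedIps, $expected));
}
```

If the application sits behind a reverse proxy, `REMOTE_ADDR` is the proxy's address, so the allow-list has to be enforced at the proxy or the proxy explicitly trusted.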
