I've build a web application that allows users to see some data from there homes. At home every user has a gateway that posts this data to a php script. That script then inserts the data into my MySQL database.
I need the script to validate that the request it's handling comes from a gateway and the right gateway. In this way it's not allowed to push data from someone elses gateway or just use a webbrowser to pass fake data. But how to build this?
I came up with the following solution ideas:
- Check the HTTP header to see what user agent is used.
- Validate the IP address since that is saved in the database.
- Use a token system.
I know IP address checking is not a verry good solution since public ip's may change or used by someone else. But what would be the best solution? And do you guys have any tips or sample code on the token system? Thanks for your help.
the best solution is 3rd, token system, because user agent could be changed using browser addon or in some other way, IP address could be dynamic and even if you use both user agent and IP address checks, you have a big chance to identify user wrong. But in case of using token system, when token would be generated dynamically and will live only to next request, it will make your application more secure. Here's a good example: