Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
i was making a website in php and i am using forms and post requests for many things. In order to test and debug the GET requests i used a chrome extension called postman. I noticed that this extension has also POST requests. What would happen if for example make a post request on facebook with my facebook password? The credentials would be correct and also the request will hit the correct target but again what would happen? Can i just make post requests to any website like that?
You can POST to any website you'd like. Facebook is a bit more difficult due to session cookies and their authentication process, but give it a try and see how it works out for you.
+points for exploring how HTTP works
Websites should treat POST input as user input and as such should validate and sterilize it as needed, nothing should prevent you from attempting such a thing but the complexity of the request and the legal standpoint of faking/automating requests to a site without informing them (I am not a lawyer).
If you want to attempt such a thing while being a good "internet citizen" I'd recommend you to take the following precautions:
Set a user agent different than the normal web browser.
Do not flood websites with attempts.
Do not use a profile you are using in day to day life, as it may be blocked for spam or by the IDS.
Look up if there are test/development flags you can set to let the website know you are testing/developing.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed last year.
Improve this question
I wanna show users websites in their profiles but I don't know after I validate the user's input format to be the valid URL (https://userwebsite.com), is it safe to use that input in a tag (<a href="https://userwebsite.com">) to redirect other users to that website? if it's not safe is there any way to check the URL??
how facebook and others handle this situation like example below
https://www.facebook.com/pages/Restaurant-El-Reda-libanesische-und-iranische-Spezialit%C3%A4ten/169985763015422
This is a great question. There are many sites that provide the ability for users to enter URLs that are then provided as links. This has been bread and butter of forums for a long time.
The challenge is that we want to make sure that the URL is valid and doesn't encourage people to visit malicious sites. For the first part (is the URL valid) there are plenty of libraries out there that can check the URL for example urlparse for python. (Sorry I don't know PHP well enough to provide the equivalent example).
The second part is a little more interesting and depends on your circumstances. If you are running a non commercial site then Google Safe Browsing offers an API which I believe will allow you to filter out malicious links. If you are running a commercial site then there are alternatives for example SophosLabs Intelix.
In summary I believe that it is safe to do what you are asking as long as:
You validate that the URL is valid
You put reasonable checks in place to prevent users posting links to malicious content
You provide appropriate disclaimers to cover you against the content on external sites
It is absolutely not.
Keep this in mind that accepting anything from user means danger, this is you that should handle the danger in a safe way.
You can get a URL from a user but it might be harmful for others ...
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
in short: building a website form so the user can enter his information including his phone number, and i need a way to verify his phone number. Am using PHP. any simple code/widget that i could add to the page without any installation or SDKs?
been looking for a server who can help me add a widget/code to my live website so the user verifies his phone number before signing in up.
I have found a lot of servers, some can't understand their docs; they required installing SDKs, and I can't finger out how to do that on the host server! if that what it means!
others add other options with the SMS, like call or email and I don't want that.
the last one I found firebase way, but I also couldn't understand how!
OK, my question is: is there a server or a way that is only to send SMS with code and check the code? i mean even if just send SMS and i could add the code to it and verify it with the function I could write.
i think it is so easy to do, but been looking for couple days and i don't why i couldn't find what i need!
If you want to autheticate the user with a phone number you can take a look on firebase
here is the documentation:
https://firebase.google.com/docs/web/setup
Also you can watch firebase tutorials series on youtube
This question too specific and there is no exac answer.
Mostly SMS depends to local providers (for simple cases). If you get SMS plan your provider and if supporting REST API or SOAP you can use simply. This info should be in docs.
In the worst case scenario, if there is not any info you can check SDK source code and extract SMS parts then create your function or class. After all if, else, basic CRUD operations.
When you need all services (SMS, Call etc.) SDK best way doing this. Yes SDK may has a lot of dependencies and complex but you can trust.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 4 years ago.
Improve this question
I read all possible information about webhook that I found, but there is no answer about why to use webhooks instead of Https Request which is much easier.
I built API that needs to notify users' server when the certain action happened on my server. Users provide me a URL and I need to send Webhooks or HTTP Post Request to that specific URL.
I can use cron jobs and send HTTP post request when something new happened on the server. Why do I need to use webhooks, if there is a more easy way to do this?
What is the advantage of webhooks over API request? What will be the benefit of using Webhooks over HTTP POST REQUESTS?
Webhooks allow one site to notify another site of something that happened, in real-time (or near-real-time).
As an example, let's say my app integrates with Facebook, and I want to know when a new comment is posted to a Facebook Page.
Without webhooks, I have to regularly check every single post that Page ever made for new comments. If they have a thousand posts, and I check every five minutes, that's twelve thousand API calls every hour... forever.
With webhooks, Facebook tells my server via a POST "hey there was a new comment on post #12345" once, when the comment is created.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
U want the bot ro check every 30 seconds to every single user if they are really online and offline by sending a request and if the bot dont get any respond after 20 sexonds they will update the status on the satabase ro offline.
Like
$con->query("UPDATE users SET status='offline' WHERE username='$username');
I want the bot to check on all users online. Offline users dont need to be checked. It doesnt need to ne a super modded bot. I just need the simplest form of a bot that can perform the following actions.
You cannot send anything to the client without prior receiving a request from it. Thats why its called a client, and the server is called a server, cos he serves.
If we could send data to the browsers without browsers 1st asking us for it, it would lead to a really huge security problem.
Solution
You must implement this in both, the javascript and php, but it is not a simple task.
One solution would be to listen for a user's mousemove with jquery javascript, and than when the user is not moving his mouse for X seconds, you send a http request to the server telling him that the user is AFK.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I want to show certain content if traffic comes to my wordpress site from google search. I want to use $_SERVER["HTTP_REFERER"] . Security is not a huge issue -- if some client really wants to lie that they are coming thru google that is no big deal (they'll just see an ad). I also understand that I need to check what they send through $_SERVER["HTTP_REFERER"] for malicious code. However, I see that according to answers in this post Determining Referer in PHP not all browsers send HTTP_REFERER.
What browsers don't send it? What versions?
When the referring site has SSL turned on, it will often not include the HTTP_REFERER. As you can imagine, this is by design for security purposes. Code accordingly.
This makes it difficult to know when visitors are coming from sites like youtube and gmail which use SSL by default.
Also this question is similar:
Is there referrer header while using SSL?