I'm using a $_GET function in php to perform functions for my Java server.
The website is similar to this: http://api.somewebsite.com/perform/function.php?authkey1=randomMD5&authkey2=randomMD5¶meters=something
Where the variables authkey1 and authkey2 represent a randomly generated MD5. The PHP script does connect to MySQL, and I've already prevented injection. However, before anything else gets parsed by the code, the URL has to include those 2 authkeys or else they get a message saying, "Improper authentication".
Here's an example of what my code does:
// Security key check
$key1 = "skghlskfhgj42u6928749856478937683471095sndgfnsvnrandom";
$key2 = "dbnksgh794ytowhjklgn934ngmsnnmlrj9096345u075u80375ngsr";
$g_key1 = $_GET['authkey1'];
$g_key2 = $_GET['authkey2'];
if (empty($g_key1) || empty($g_key2)) {
die("Improper authorization");
}
if ($g_key1 != $key1 || $g_key2 != $key2) {
die("Improper authorization");
}
// If authentication passes, move on to other functions
Is this method secure or not? Thanks!