Commit

Confuse hackers (#17)
* Confuse hackers

* Expanding on previous commit; adding more confusing responses to make guessing API key more difficult
bkilshaw authored Jul 12, 2022
1 parent 24fe944 commit 5e608e5
Showing 1 changed file with 16 additions and 1 deletion.
17 changes: 16 additions & 1 deletion backend.php
Expand Up @@ -92,7 +92,22 @@ function unhash_and_validate_apiKey($key) {


if (@$_GET['apikey'] / 2 !== (int) $secureApiKey) {
exit('invalid api key');
$responses = [
'invalid',
'valid',
'too long',
'must be divisible by 7',


36864 Jul 13, 2022

Contributor

This results in the string "API Key is must be divisible by 7".

I'll try to come up with a fix later tonight.

'not a prime number',
'an api key',
'not alpha-nonmeric',
'magic',
'friends with a bad crowd',
'not turing complete',
];

$response = sprintf("API Key is %s", $responses[mt_rand(1-1,count($responses) - 1)]);

exit($response);
}
}
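
Review bot: The randomized `$responses` list in the failure branch does not make the key harder to guess, because every rejected request still ends in `exit($response)` with a body that starts with "API Key is", so a caller can tell a rejection from an accepted key whichever entry is picked. Returning 'valid' on the rejection path also tells a legitimate client that a refused key was accepted. Consider a single fixed message sent with a 401 status, and slow guessing down with rate limiting instead of response text. Smaller points: `mt_rand(1-1,count($responses) - 1)` is clearer as `array_rand($responses)` or with a literal 0 lower bound, and the 'must be divisible by 7' entry does not fit the "API Key is %s" template, as the inline comment already points out.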
