Ok, guys, I've been thinking and thinking and thinking, and now I'm finally out of ideas...
So I've developed this WordPress plugin that takes customers' info from a SQL DB on my server, through cURL.
So this is what happens:
Each user that downloads the plugin from my site has a unique ID which is generated from MySQL (auto_increment). This ID is stored in the plugin on download. The plugin then uses this ID to select a row and take some info (sensitive info) in my db on my server, using cURL.
So, here's how it fetches the info:
1.) The unique ID is $_POST'ed to the target page (my_curl.php)
2.) A preg_match is run on the posted ID to help prevent any silly SQL injections.
3.) The row is selected and the info is fetched.
4.) The info fetched from the DB gets JSON encoded.
Now anyone can just go into the plugin's files, and do this:
if their copy of the plugin was assigned to the id: 21645875457
they go in and change that id to one up or down: 21645875458 or 21645875456.
they then run the plugin, and they see someone else's sensitive info...
Can anybody come up with a few suggestions to prevent this? I know it's close to impossible, but there's got to be something, right?
If I send some more info from the plugin to the cURL target, the evil monster could just simply change that.
Another piece of info that is in the DB is the domain the plugin is assigned to.
I was thinking of posting the current domain ($_SERVER['HTTP_HOST']) to the cURL page and have it verified with the ID (check if the domain is in the same row as the ID).
That would make it harder for the attacker as they will need to know the ID AND the domain they want to steal the info from, but I need something more secure...
An easy way to increase the entropy of the ID-to-info mapping (or, as you suggest, ID-and-host-to-customer mapping) is to not use sequential IDs, but instead assign something more complex like, say, a generated UUID.
You could generate a 'password' (in other words, a random string) and store it in the plugin's directory. Also, save the 'password' into your database. Now, whenever someone wants to access any sensitive data, he needs to provide not only the ID, but also the password. They must match, obviously. (:
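Putting the two answers together, here is an added example (not code from the plugin or from anyone in this thread) of how the cURL endpoint could issue a per-install secret at download time and then require ID plus secret plus domain on every request. The `installs` table and its columns are assumed; the secret is stored only as a hash, so a leaked database does not hand out working credentials.

```php
<?php
// Added example, not the thread's code. Assumed schema:
//   installs(id AUTO_INCREMENT, domain, secret_hash, customer_json)
declare(strict_types=1);

// Called once when a customer downloads the plugin. The raw secret is
// embedded in the downloaded plugin together with the id; only its
// password_hash() is kept server-side.
function issue_install_credentials(PDO $db, string $domain): array
{
    $secret = bin2hex(random_bytes(32));              // 64 hex chars, not guessable
    $hash   = password_hash($secret, PASSWORD_DEFAULT);
    $stmt   = $db->prepare('INSERT INTO installs (domain, secret_hash) VALUES (?, ?)');
    $stmt->execute([$domain, $hash]);
    return ['id' => (int) $db->lastInsertId(), 'secret' => $secret];
}

// my_curl.php side: $post is $_POST from the plugin. Returns the JSON string
// for the row, or null when id, secret or domain do not all match.
function fetch_customer_info(PDO $db, array $post): ?string
{
    $id     = (string) ($post['id'] ?? '');
    $secret = (string) ($post['secret'] ?? '');
    $domain = (string) ($post['domain'] ?? '');   // client-asserted, secondary check only

    // Shape checks replace the old preg_match; the prepared statement below
    // is what actually prevents SQL injection.
    if (!ctype_digit($id) || strlen($secret) !== 64 || !ctype_xdigit($secret)) {
        return null;
    }

    $stmt = $db->prepare('SELECT domain, secret_hash, customer_json FROM installs WHERE id = ?');
    $stmt->execute([(int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;

    // Always run password_verify, even for an unknown id, so response timing
    // does not reveal which ids exist. Guessing id+1 now buys the attacker nothing
    // without the 256-bit secret issued to that install.
    $storedHash = $row['secret_hash'] ?? password_hash('no-such-install', PASSWORD_DEFAULT);
    $ok = password_verify($secret, $storedHash)
        && $row !== null
        && hash_equals($row['domain'], $domain);

    return $ok ? $row['customer_json'] : null;
}
```

Rate-limit failed lookups per id and per source IP on the endpoint as well, so the secret cannot be brute-forced online.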