When an SMS is received and forwarded via HTTP POST, it would be advantageous if a secret code could be configured to appear as an additional parameter. This would be entered via the web interface at intellisoftware, then added as a parameter (secretcode=blah) and then the receiving script could use this to verify that the message has indeed come from the right place. The concern is that without this, anyone could work out what the SMS receipt URL is and inject them via the web - which doesn't immediately seem to cause any concern, but I would certainly suggest that the option to prevent this from happening should be available particularly as it is so simple to implement.

Users browsing this topic