This package can protect applications against suspicious access.
It provides a class that implements a REST API server, which can track suspicious HTTP requests using a database accessed via PDO.
PHP applications can send HTTP requests to the API to request a session token from the server.
The server validates the current user and generates a secure token.
The application can monitor and report suspicious activities to the server.
The server can immediately expire sessions and automatically remove expired sessions and logs.
Server-Side Protection Features:
Token-Based Security:
- HMAC-signed session tokens with expiration
- Secure token generation and validation
- Rate limiting to prevent abuse
Session Management:
- SQLite database tracking all sessions
- Access counting and monitoring
- Automatic cleanup of expired sessions
Threat Detection:
- Suspicious activity logging and reporting
- Auto-expiration after multiple violations
- IP address monitoring (optional)
Real-Time Integration:
- Client validates with the server every 30 seconds
- The server can override the client timing
- Immediate session termination on threats
Key Security Layers:
1. Client-Side: JavaScript protection against screenshots and navigation
2. Server-Side: PHP token validation and session management
3. Database: SQLite logging and tracking
4. Network: CORS protection and rate limiting
Production Ready:
1. Comprehensive error handling
2. Security headers and CORS protection
3. Rate limiting and abuse prevention
4. Debug mode for troubleshooting
5. Performance optimizations
6. GDPR/CCPA compliance considerations
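
The "HMAC-signed session tokens with expiration" item above, sketched as an added example. This is not the package's own code: the function names, the `payload.signature` token layout, the claim names `sid` and `exp`, and the 30-second lifetime are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: URL-safe base64 without padding.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt) {
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'), true); // false on bad input
}

// Issue a token: encoded JSON claims, then an HMAC-SHA256 tag over them.
function issue_token(string $key, string $sessionId, int $ttl, ?int $now = null): string {
    $now = $now ?? time();
    $claims = ['sid' => $sessionId, 'exp' => $now + $ttl];
    $payload = b64url_encode(json_encode($claims, JSON_THROW_ON_ERROR));
    return $payload . '.' . b64url_encode(hash_hmac('sha256', $payload, $key, true));
}

// Return the claims for a valid, unexpired token, or null otherwise.
function verify_token(string $key, string $token, ?int $now = null): ?array {
    $now = $now ?? time();
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;
    $expected = b64url_encode(hash_hmac('sha256', $payload, $key, true));
    // Constant-time comparison, done before the payload is decoded or parsed.
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $raw = b64url_decode($payload);
    $claims = $raw === false ? null : json_decode($raw, true);
    if (!is_array($claims) || !isset($claims['sid'], $claims['exp']) || !is_int($claims['exp'])) {
        return null;
    }
    return $now < $claims['exp'] ? $claims : null; // reject expired tokens
}

// Constructed demo values: random key, fixed clock, made-up session id.
$key = random_bytes(32);
$t0 = 1700000000;
$token = issue_token($key, 'sess-demo-1', 30, $t0);
[$p, $s] = explode('.', $token);
$forged = b64url_encode(json_encode(['sid' => 'sess-demo-1', 'exp' => $t0 + 3600])) . '.' . $s;
var_dump(verify_token($key, $token, $t0 + 10));  // case: checked inside the lifetime
var_dump(verify_token($key, $token, $t0 + 31));  // case: checked after expiry
var_dump(verify_token($key, $forged, $t0 + 10)); // case: payload rewritten, old signature reused
```

A signed expiry only bounds how long a token lives; immediate termination, as described above, still needs the server-side session record to be checked on each validation.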