FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Securely connect 2 PHP servers





leontius
Suppose that I have two PHP-based web servers, X and Y, that need to exchange information from/to each other. X must be really sure that it is communicating with Y and vice versa, to prevent eavesdropping by the public. X and Y both serve different public website and do not belong to the same intranet network.

How do I do that securely in PHP (ie. with encryption and stuff)? Do you know any ready-made PHP library for this? Any help is appreciated Smile

PS: I think I can ask people to install things requiring administrative rights on both servers (they are dedicated servers owned by somebody else), but I much prefer a solution that works without installing any PHP extensions or third party programs...
jmraker
http://us.php.net/curl with SSL
or perhaps use pgp
http://pear.php.net/package/Crypt_GPG
rvec
if you made both scripts and you are the only one that can access the scripts, why not just put some key in there?

You could even add the date to make it even harder to decrypt or use a random string as a key every time.
Something to start with: http://nl2.php.net/manual/en/function.mcrypt-module-open.php

If you make the key some combination of the date and a some string (a secret key) and only allow access from one ip I don't see how much could go wrong.
leontius
jmraker wrote:
http://us.php.net/curl with SSL
or perhaps use pgp
http://pear.php.net/package/Crypt_GPG


I considered SSL before but I think enabling it would be too much hassle (because the servers are already in production). GPG is something to consider though (I think it is installed in most systems by default).

rvec wrote:
if you made both scripts and you are the only one that can access the scripts, why not just put some key in there?

You could even add the date to make it even harder to decrypt or use a random string as a key every time.
Something to start with: http://nl2.php.net/manual/en/function.mcrypt-module-open.php

If you make the key some combination of the date and a some string (a secret key) and only allow access from one ip I don't see how much could go wrong.


This is fantastic and seems to be quite easy! Thanks rvec! mcrypt doesn't support asymmetric encryption though... Not that I really need it anyway Wink
rvec
leontius wrote:
This is fantastic and seems to be quite easy! Thanks rvec! mcrypt doesn't support asymmetric encryption though... Not that I really need it anyway Wink

You're welcome Smile
I meant something like making a key like this:
Code:
$random_key = 'MY SECRET STRING'. date('d');
Related topics
how to connect php with mysql?
PHP Tutorial: Basic Shoutbox w/ MySQL
PHP issues >.>
php and xml
MySQL Remote Access/Cron
Strange Problem in PHP-MYSQL
Help, ASP pages!
I could use some help with dropdown lists in php
How competitive is PHP?
Server uptime tracker
Humor :D
How to update database?
creating guestbooks (form) with php & mysql
What could be Default Address for index.html file?
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.