I have SERVER-X that preforms a task.
When it's completed, I want to send a request to SERVER-Y that inserts a DB record on that server. SERVER-X can easily make a curl request to update the records however this terrifies me. Anyone in the world could make this request millions of times.
Is there a way to do this securely? My initial thought was to use a white list of accepted servers however that could also be spoofed. Is there a hand-shake token mechanism I could use?
Thanks!
Send requests to different servers - securely
Moderator: General Moderators
-
dimxasnewfrozen
- Forum Commoner
- Posts: 84
- Joined: Fri Oct 30, 2009 1:21 pm
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Send requests to different servers - securely
There are a number of ways to make authenticated request: RPC, SOAP, OAuth, etc. Use HTTPS of course. You can always just require a User ID and Password hash.
I'd recommend finding a library in active development and use by the community. Check the large frameworks, such as Zend or Symfony, for this. Do not write it yourself -- security requires a lot of continuous testing and oversight to get right.
I'd recommend finding a library in active development and use by the community. Check the large frameworks, such as Zend or Symfony, for this. Do not write it yourself -- security requires a lot of continuous testing and oversight to get right.
(#10850)