Page 1 of 1

Send requests to different servers - securely

Posted: Fri Feb 21, 2014 2:53 pm
by dimxasnewfrozen
I have SERVER-X that preforms a task.

When it's completed, I want to send a request to SERVER-Y that inserts a DB record on that server. SERVER-X can easily make a curl request to update the records however this terrifies me. Anyone in the world could make this request millions of times.

Is there a way to do this securely? My initial thought was to use a white list of accepted servers however that could also be spoofed. Is there a hand-shake token mechanism I could use?

Thanks!

Re: Send requests to different servers - securely

Posted: Sat Feb 22, 2014 11:50 am
by Christopher
There are a number of ways to make authenticated request: RPC, SOAP, OAuth, etc. Use HTTPS of course. You can always just require a User ID and Password hash.

I'd recommend finding a library in active development and use by the community. Check the large frameworks, such as Zend or Symfony, for this. Do not write it yourself -- security requires a lot of continuous testing and oversight to get right.