php to php communication for new application

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
smokeman
Forum Newbie
Posts: 1
Joined: Tue Sep 14, 2010 12:53 pm

php to php communication for new application

Post by smokeman »

I have a new application I will be coding, which has some unique design problems I want some various opinions on.
Basically this is 2 applications that will talk to each other.
The site A application will be a web app frontend(php/ajax), that will accept connections from site B, which will be an internal php/ajax based web application. I want clients at site B, to get identity certificates, that they can paste into their site B gui, and then they will generate "requests" which will then be fulfilled from site A's server. Site A, will authenticate site B , setup a secure tunnel, and then allow site B to call methods from site A, which will generate a response that will need to be sent to Site B. Basically this is a trust setup, and the identity certificate will need to be purchased from a cert provider, that can verify the identity of SiteB, then Site A, and Site B will both store the resulting certificate, and it will be used as the "signature" of the request.

I'm not sure how to proceed, since I've never done an app with this type of inter-communication necessity. obviously, this will have to be hack proof.
I have a couple of ideas:
1)use http://phpseclib.sourceforge.net/ to set up a secure tunnel, but it just appears that this would be a ssh2 tunnel, and that wants to manipulate files, not allow php communication.
2)use gearman : http://www.php.net/manual/en/book.gearman.php, this looks promising, since It is for load balancing, and has support for asynchronous jobs...but will have to be combined with a tunneling protocol.
3)http://php.net/manual/en/book.curl.php, this just looks to support handling of http requests inside php, but it supports the verification of the certificates.
4)fall back on php socket programming, if necessary.

I also saw a project from the symphony framework http://components.symfony-project.org/e ... troduction
is there anything else I'm missing, or any questions on the design aspect?
mcrypt?

I am also worried about the problem of clients renewing the certificates from year to year.
any suggestions on that aspect to make it easier?

Thanks!
Post Reply