
Write a file over SSL

Posted: Tue May 03, 2011 4:21 am
by Greffin
Hi.

My client puts security highly. Their website is in a DMZ (and will be referred to as external web from here on), while the rest of their network is behind a firewall and is thus inaccessible from their website. They wish to open as little traffic inwards as possible.
My job is to put up a page which should only be accessible from their internal web (located on a completely different box). This page's function is to generate an HTML page, write it to disk, and transfer this HTML file to their external web using SSL. The page should also be able to delete this HTML file from their external web.

I am thinking of using PHP's OPEN_SSL packages. But I have little or no experience using SSL, and as far as I have understood, SSL is just a term for how the communication is encrypted. It does not contain methods for the actual transfer of the file. For this I must choose either SFTP or SSH2. Is this correct?

How can I make this happen? What needs to be put on the internal web, and what needs to be put on the external web? What are the caveats? Can anybody point me to code samples?

Thanks for all help on this.

Re: Write a file over SSL

Posted: Tue May 03, 2011 2:58 pm
by pickle
My experience with SSL/SSH/SCP/SFTP with PHP is that the modules aren't very robust. Looking through Google, you see lots of problems with those modules.

Why not just make a back end on the web server itself and have this file update through a web interface? You're already doing that on this internal box, but you're also either hard coding a username or password, or setting up a trusted connection between boxes, in order for the SSH to work. Putting the back end right on the webserver would cut out the middle man and reduce the potential security holes.

Re: Write a file over SSL

Posted: Wed May 04, 2011 5:02 am
by Greffin
I got an answer from a different site. Let me post it here so that others who might look for answers can find information:
You probably want to use SSH (I'm assuming Linux machines, not Windows). PHP has internal SSH methods, and even better SSH stream wrappers, so you can do something like the example here: http://www.php.net/manual/en/wrappers.ssh2.php

Note that you must install this feature before it's accessible: http://www.php.net/manual/en/ssh2.installation.php

Setting up SSH public keys will allow the whole thing to work without passwords: http://www.ece.uci.edu/~chou/ssh-key.html

They'll need to open port 22 for SSH on the public server, but you can then configure that server to only listen for requests on that port from the internal network: http://linux-journal.blogspot.com/2005/ ... -into.html

The firewall only needs to allow traffic into port 22 from the internal network TO the external server (i.e. the external server is still prevented from getting back through the firewall).
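
The approach in the quoted answer (key-based SSH from the internal box to the external one), sketched as an added example that is not part of the original post or the answer it quotes. It assumes the PECL ssh2 extension is installed on the internal web server; the host name, user, directory, key paths and fingerprint are placeholders, and the helper function names are made up for this sketch.

```php
<?php
// Added example. Every constant below is a placeholder, not a value from the thread.
const EXT_HOST  = 'external-web.example';
const EXT_USER  = 'publisher';                 // low-privilege account on the external box
const EXT_DIR   = '/var/www/html/generated';   // the only directory that account can write
const PUBKEY    = '/etc/publisher/id_rsa.pub';
const PRIVKEY   = '/etc/publisher/id_rsa';
const PINNED_FP = 'REPLACE_WITH_SERVER_SHA1_FINGERPRINT_HEX';

// Connect, pin the host key, authenticate with the key pair, open SFTP.
function connectExternal()
{
    $session = ssh2_connect(EXT_HOST, 22);
    if ($session === false) {
        throw new RuntimeException('SSH connection failed');
    }
    // Refuse to send anything to a server whose host key is not the expected one.
    $fp = ssh2_fingerprint($session, SSH2_FINGERPRINT_SHA1 | SSH2_FINGERPRINT_HEX);
    if (!hash_equals(strtoupper(PINNED_FP), strtoupper($fp))) {
        throw new RuntimeException('Host key mismatch');
    }
    if (!ssh2_auth_pubkey_file($session, EXT_USER, PUBKEY, PRIVKEY)) {
        throw new RuntimeException('Public key authentication failed');
    }
    $sftp = ssh2_sftp($session);
    if ($sftp === false) {
        throw new RuntimeException('Could not start SFTP subsystem');
    }
    return array($session, $sftp);   // keep $session referenced while $sftp is in use
}

// Accept only plain "name.html" file names so a caller cannot leave EXT_DIR.
function remotePath($name)
{
    if (!preg_match('/\A[A-Za-z0-9_-]+\.html\z/', $name)) {
        throw new InvalidArgumentException('Unexpected file name');
    }
    return EXT_DIR . '/' . $name;
}

function publishPage($sftp, $name, $html)
{
    // intval() on the SFTP resource is required by the stream wrapper in newer PHP versions.
    $url = 'ssh2.sftp://' . intval($sftp) . remotePath($name);
    if (file_put_contents($url, $html) !== strlen($html)) {
        throw new RuntimeException('Upload failed or was truncated');
    }
}

function deletePage($sftp, $name)
{
    if (!ssh2_sftp_unlink($sftp, remotePath($name))) {
        throw new RuntimeException('Delete failed');
    }
}
```

Call `connectExternal()` once per request, then `publishPage()` or `deletePage()` with the returned SFTP resource. The private key should be readable only by the web server account on the internal box.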

Re: Write a file over SSL

Posted: Sun May 08, 2011 2:17 am
by Benjamin
I guess I'm not understanding why you would want to transfer a file from a private network to a public one over an SSL connection. E.g. I will drop off the keys to the vault in the park, but be sure to use an armored truck to deliver it.

Granted, SSH is easy. Hell, you could write the file and run rsync.