securely transferring data from only one site to another

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
wackyakmed
Forum Newbie
Posts: 12
Joined: Sat Dec 16, 2006 10:37 am

securely transferring data from only one site to another

Post by wackyakmed »

I am writing a simple script that receives data from another site. The data is then processed and stored in my database. Since the data will always be coming from the same website, I'd like this forum's input on whether limiting access to the script based on host name is a legitimately secure tactic. Also, what is the php command to achieve this? Thanks for the advice in advance!
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

One way you could accomplish this is through a .htaccess command. Use the allow and deny directive on the file. I can't remember the exact directives. But you should be able find it googling for something like: htaccess deny allow...

Something like that.
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria
Contact:

Post by jmut »

maybe you could also try to simulate some public/private keys infrastructure.
Where sending site sends some key/token or whatever....that should be correct for your side to process....but this is probably not necessary :)
Make .htaccess approach first.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

if your really serious about security, you should consider hosting the sites on the same server and sharing the database..

you could even setup a remote link to the database and fetch the info directly
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

I'd go for the public/private key infrastructure. GnuPG is always a good pick.
Post Reply