I have a login form on one server, server A. Hosted on another server, server B, I have a script to check the data and return the result. Server B sends the result to server A, but I don't want to pass the result back in the URL or headers with various redirects, because people can spoof a "true/false" to change the result of the login.
e.g.
I can't use HTTPS/SSL as my web host does not support it for free.
You could set up an ssh tunnel between the servers and have the web server on B listen only on localhost:Bs_tunnel_port, while A connects to its localhost:As_tunnel_port.
Or get that SSL thing going... ;)
Related
I have 2 servers, let's call them server A and server B. Server A is publicly hosted and has a public facing front-end. Users can visit a page on Server A and submit a form, which needs to be submitted to a page hosted on a private network that Server A does not have access to Server B, however does have access to said private network.
What I need to achieve, is for Server A formulate the request and then execute it from Server B, so that it can hit the page on the private network. The flow would be:
1. User submits form
2. Server A formulates an HTTP request and passes it to Server B
3. Server B executes the HTTP request and passes the result back to Server A
3. Server A acts upon the result of the executed request
The solution I have so far come up with is to have Server B host a PHP built API-like interface with 1 function: ExecuteHTTPRequest(targetURL, requestBody, parameters). Server A will then call this function, passing in the URL it wants to hit, the body of the request, and any additional parameters that have been set, and receive the result of the request, as if it had executed it itself.
The downside of this solution is that it means opening up access on an entire port on Server B for this specific purpose (albeit only from Server A), and that a web server is required to be running on Server B. So, I'm wondering if there is some other solution that might be more appropriate?
I have 3 server that same server application is running on each of them. each installation of server app has its own configurations, data and settings.
other client users or client applications can connect to this servers and communicate with them.
this servers are in different places.
this application are created by PHP and servers are ubuntu servers, each server has its own static IP.
but now i need to share some data between this server applications. for example server A needs to access to information of server B's customers. or main admin of system want to see some information of server C. other scenario may be back up/sync. each server with 4th server with special application.
what is the best and more secure way to share some data between server applications? for example application A on server A needs some data get from application B on server B, or send some data to it.
There are several ways to do this, and it depends on if your goal is to send data synchronously or asynchronously.
If you want to send data synchronously (that is, send data, and wait for a response before proceeding to whatever the next step), use HTTPS.
If you want to send data asynchronously (that is, send data, then go off and do something else while the response can come back at any time), use XMPPS.
Both run over SSL, so that will handle the security side of things. Both HTTP and XMPP services are plentiful, so building the scripts to use these services for communication would be relatively straight-forward.
Suppose server A, via domain A, hosts a website.
Suppose server A, via domain B, also hosts a web service.
The website calls this web service via a PHP/cURL-based API.
Question: even though they live on the same physical server, am I right in thinking the request goes out to the ether and back in, because the domains are different, or does cURL/something have some way of "knowing" it's really the same server, and so there's no reason to go outside?
As far as I know, the request leaves the server no matter what since it's over http - there's no way of it knowing weather the two resources are on the same server or not. You could rip through all the source code but I don't think it would do that - usually if you want to call a resource on the same server you can use absolute file paths as opposed to http requests.
curl source:
curl source
I have never needed to do this before, but I am developing an application which will be installed to a users website - but it will need to query data held in a database stored on the application's server.
Server A (client - domian: www.example.com)
Server B (application).
There will be a form on Server A (a Search form) which POSTS search data to the Server B (application) along with some information about Server A (domain, IP).
Server B handler will:-
1.) Check if Server A is an actual client (i.e. is domain (www.example.com) in the allowed domains list and does the request come from the IP of Server A.
2.) If 1.) is TRUE, it will process the request, and return a response being the results of the query.
I can't seem to find anything on Google or this site where someone wants to do this? I could be searching for the wrong thing though.
Also, would there be any limits on the size of the array that is returned back to Server A??
I do not want to grant DB access to the user - unless this is the only solution (i.e. create a new mysql DB user with READ only capability upon activation of the application).??
Any help much appreciated
IF you're posting data to server b (the db host) then the query will be run locally on that server.
What you need is some script that can handle your post OR if you want to connect to the db from server A and also handle the post i server A then you have to give that server the right to connect to the db-server.
So then thing you need to do is to write a script on the server B that will handle the post.
My guess is that you're better of giving server A (proper)access rights to the db on server B.
I have two PHP applications on the same Apache server. At some point, application A needs to call a URL on application B.
So let's say a script located at http://somedomain.com/app1/action need to download http://somedomain.com/app2/action using file_get_contents() (the domain is the same for both applications)
I was wondering how does PHP handle this? Is the request going through the whole internet, as if it was a call to an external URL? Or is it somehow optimizing it and accessing the application on the server directly?
I think it depends from your DNS resolution and is not related to PHP.
If your network is properly configured, you should be able to access the site on your local network even by calling the public url.
To be sure about your request not leaving the server, you could use the localhost ( or 127.0.0.1 ) address. You can also use the local ip address to access it over the local network.
It uses the whole TCP/IP stack of the operating system, if that's what you want to know.
If it's in the same server, it wouldn't have to resolve the DNS name if you use 127.0.0.1 instead of somedomainname.com.
Usually request do not "go out" of your server, so application B is accessed quicly by application A.
Requests can "go out" in the wild and then being routed back to your server (and that's not so good for performance) if your server DNS are not configured well (pratically, your server can't recognize itself as somedomain.com).
The whole internet is big. But it would unlikely leave the server, depending on the network layout.
The request goes through every server between the source and the destination. Since they are the same, that is no servers.