LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 04-12-2006, 08:45 AM   #1
qscomputing
Member
 
Registered: May 2005
Distribution: Mandriva 2006 Free
Posts: 67

Rep: Reputation: 15
Using PHP to run a script on another server


In a project I'm working on at the minute, using PHP, I need some way for a PHP script on one server to notify a PHP script on a completely different server that it needs to update its database. The first script will have to pass some information into the second script and possibly get an error code back. All communication should be done over HTTP.

My first solution was a method that involved security by obscurity - that is, just running a script that noone knows about, but it would of course be fairly simple to find out about it and send in malicious data.

So, I'd like some suggestions of how to do this with minimal possibility for exploiting by malicious individuals.

Any ideas would be very much appreciated.

TIA,
- QS Computing.
 
Old 04-12-2006, 09:24 AM   #2
graemef
Senior Member
 
Registered: Nov 2005
Location: Hanoi
Distribution: Fedora 13, Ubuntu 10.04
Posts: 2,376

Rep: Reputation: 147Reputation: 147
Here are a few thoughts that go beyond the log in as user on the second system.

Since you know which machine the request is coming from you could use the IP address as part of your security solution. Essentially only allow the second script to run if the request comes from a particular IP address.

Establish a password exchange as follows:
server 1 says hello
server 2 says give me the encrypted password with the following salt
server 1 receives the salt and so encrypts the password something like: md5(password.salt)
server 2 checks the encrypted value and accepts the transaction - or not!

Rather than get the first server to send the information, get the second server to take it from the first server. That way it makes it harder for a third part to provide malicious data.

graeme.
 
Old 04-12-2006, 10:28 AM   #3
qscomputing
Member
 
Registered: May 2005
Distribution: Mandriva 2006 Free
Posts: 67

Original Poster
Rep: Reputation: 15
I think the method of taking it from the second server sounds best. So, if I get the first server to poll the second server, and then it runs a script to take the data back from the first server, that should eliminate the security issues somewhat. It's not really an issue if the data is seen; it's fairly public data anyway.
 
Old 04-12-2006, 10:41 AM   #4
graemef
Senior Member
 
Registered: Nov 2005
Location: Hanoi
Distribution: Fedora 13, Ubuntu 10.04
Posts: 2,376

Rep: Reputation: 147Reputation: 147
You will need to keep track of the files but that is quite simple.

It may work as follows:

server 1 tells server 2 the data is ready
server 2 runs the script and gets the data from server 1 and thus updates the database

Now someone finds this script and wonders what does it do, and so runs it.

server 2 runs the script and gets the data from server 1, but realises that it has already run this data file and so ignores it.

(The data file could have a timestamp header, requiring server 1 to send the name of the file will help but you don't want anyone getting lucky!)
 
Old 04-12-2006, 10:49 AM   #5
95se
Member
 
Registered: Apr 2002
Location: Windsor, ON, CA
Distribution: Ubuntu
Posts: 740

Rep: Reputation: 32
If the 2nd server has SSL, just use curl and send the password w/ the request. SSL will ensure no one sees the password.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
cannot get tu run a php script in cron alain Linux - General 6 02-06-2006 02:54 AM
to run a html or php script with php5 command vincent_fr_60 Linux - Software 1 01-20-2006 06:41 AM
php script will not run correctly as cron, fine from cli dtra Linux - Software 2 12-22-2005 07:21 AM
How do I run a PHP script as a service? robbiemorgan Linux - Newbie 3 04-13-2005 02:03 PM
PHP HOWTO : Run script as root guideweb Linux - Software 3 08-22-2004 11:38 PM


All times are GMT -5. The time now is 11:41 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration