LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 01-09-2018, 02:38 PM   #1
newbie14
Member
 
Registered: Sep 2011
Posts: 525

Rep: Reputation: Disabled
Securing and inserting registration info into secure database


Hi All,
Currently I have a php based system with the db is hidden from outside world and only accessible locally after the vpn. The issue now I need to create a web based registration which will stay on another different server but I need to insert those data into the backend db. The problem now I only allow local ip of the web server to allow access to the db. How to secure this registration form data insertion which sits on a different server?
 
Old 01-09-2018, 05:47 PM   #2
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,115

Rep: Reputation: 685Reputation: 685Reputation: 685Reputation: 685Reputation: 685Reputation: 685
If you save informations from the web server that is behind the vpn, what is the purpose of the other server?
Or you want to synchronize data? I mean update db with informations already stored in the other server?
 
Old 01-09-2018, 09:01 PM   #3
newbie14
Member
 
Registered: Sep 2011
Posts: 525

Original Poster
Rep: Reputation: Disabled
Hi Keefaz,
Ok let me explain.

1. First there the website which is purely html and static content. In it there is a registration form and user will key in their personal particulars and submit for verification which must be inserted into the db.

2. There is application site where there is a login page with user name and password which will be generated after user is verified. This web server will have both public and local ip. Thus I have enable that its local ip to be accessible to the db which will be also accessible locally only.
 
Old 01-09-2018, 10:22 PM   #4
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 4,664
Blog Entries: 6

Rep: Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525
I still find this confusing. Please describe each host and their IP addresses and services separately and clearly.

Here is what I think you have said:

Quote:
Originally Posted by newbie14 View Post
1. First there the website which is purely html and static content. In it there is a registration form and user will key in their personal particulars and submit for verification which must be inserted into the db.
So this is a web server with static content to which information is submitted in an HTML form.

Let's call it HOST1 at IPADDR1.

"The db" would appear to refer to the database on another host described below...

Quote:
Originally Posted by newbie14 View Post
2. There is application site where there is a login page with user name and password which will be generated after user is verified. This web server will have both public and local ip. Thus I have enable that its local ip to be accessible to the db which will be also accessible locally only.
Here you seem to describe a separate host with two IP addresses, one public and one local (via VPN).

Let's call it HOST2 with IPPUBLIC and IPLOCAL.

"The DB" appears to reside on HOST2, but you indicate that it, the DB, is only accessible locally via IPLOCAL, but not via IPPUBLIC.

Your question seems to be how to submit form data to HOST1 and have it inserted to DB on HOST2, is that right?

If not, please try to describe your setup more clearly and precisely.
 
Old 01-10-2018, 11:05 AM   #5
scasey
Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.4
Posts: 826

Rep: Reputation: 251Reputation: 251Reputation: 251
Or, maybe, "local IP" is just 127.0.0.1 ??
Isn't it typical for the access to a database on a web server to be limited to localhost...at least that's the way I've always configured them.

Form on HOST1 calls script on HOST2 which updates the database...
Code:
<form method="POST" action="http://HOST2/script_name.php">
Since the script is running on HOST2, it is "local" to the database.

Not sure where/how the "verification" is supposed to happen, tho. Is that a manual (human) process?

We definitely need more information.
 
Old 01-10-2018, 11:37 AM   #6
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,115

Rep: Reputation: 685Reputation: 685Reputation: 685Reputation: 685Reputation: 685Reputation: 685
Quote:
Originally Posted by scasey View Post
Or, maybe, "local IP" is just 127.0.0.1 ??
Isn't it typical for the access to a database on a web server to be limited to localhost...at least that's the way I've always configured them.

Form on HOST1 calls script on HOST2 which updates the database...
Code:
<form method="POST" action="http://HOST2/script_name.php">
Since the script is running on HOST2, it is "local" to the database.

Not sure where/how the "verification" is supposed to happen, tho. Is that a manual (human) process?

We definitely need more information.
But after posting form, the page is served by HOST2, so why not use HOST2 in the first place?
 
1 members found this post helpful.
Old 01-10-2018, 08:42 PM   #7
newbie14
Member
 
Registered: Sep 2011
Posts: 525

Original Poster
Rep: Reputation: Disabled
Hi Keefaz,
I know I can use this method <form method="POST" action="http://HOST2/script_name.php"> that is from HOST1. The issue is HOST1 does not have a local ip so the db is not allowed to accept any external ip connections. I am thinking to run the form on HOST2 itself. Meaning from HOST1 when user click for the form it will bring to HOST2. Is it possible not to show the ip of the HOST2. Yes once they have filled the form the verification is by human process.
 
Old 01-11-2018, 06:59 AM   #8
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,115

Rep: Reputation: 685Reputation: 685Reputation: 685Reputation: 685Reputation: 685Reputation: 685
You said that HOST2 has both public and local ip, so no reason to hide public ip (local ip is still hidden)

Another solution is to use network library like curl to pass post variables from HOST1 to HOST2 and vice versa, it will get complicated, HOST1 will need server side scripting engine (PHP...), but it's doable.

Quote:
Originally Posted by newbie14 View Post
Yes once they have filled the form the verification is by human process.
Not sure, what you mean with that

Last edited by keefaz; 01-11-2018 at 07:00 AM.
 
Old 01-11-2018, 04:42 PM   #9
scasey
Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.4
Posts: 826

Rep: Reputation: 251Reputation: 251Reputation: 251
Quote:
Originally Posted by newbie14 View Post
I know I can use this method <form method="POST" action="http://HOST2/script_name.php"> that is from HOST1. The issue is HOST1 does not have a local ip so the db is not allowed to accept any external ip connections. I am thinking to run the form on HOST2 itself. Meaning from HOST1 when user click for the form it will bring to HOST2. Is it possible not to show the ip of the HOST2. Yes once they have filled the form the verification is by human process.
If the script is run on HOST2, then it will be local to the db, yes? That it is called from HOST1 shouldn't matter.
That ^^ is the answer to your original question, right?

But, tell us the process flow from the HOST1 input form through verification and database update, please. I feel we don't have the entire picture.
 
1 members found this post helpful.
Old 01-11-2018, 04:59 PM   #10
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 4,664
Blog Entries: 6

Rep: Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525Reputation: 2525
@OP: You have begun to use the imagined HOST# terminology I used as an example above, but without confirming whether it was correct or explaining your actual system requirements.

This leaves us all still guessing about what you are actually trying to accomplish. As stated by others, we still do not have the complete picture.

Please see the Site FAQ and links it provides for asking a complete well formed question and responding to those trying to help.

Perhaps you could describe the process as seen by the visitors, when submitting their data and when logging in after verification, including what URL they visit in each case. Then describe it from the admin perspective, how they first receive the personal data, how they process it into a verified state and make use of it, and what access they have to each machine at each step.

Last edited by astrogeek; 01-11-2018 at 05:13 PM.
 
1 members found this post helpful.
Old 01-11-2018, 06:29 PM   #11
newbie14
Member
 
Registered: Sep 2011
Posts: 525

Original Poster
Rep: Reputation: Disabled
Hi Keefaz,
Yes looks like I need to run on HOST2 itself ready because curl will get complicated too.
Quote:
Yes once they have filled the form the verification is by human process.
What I meant by this is that once the user register it will go into the db then the administrator will need to verify the details.
 
Old 01-11-2018, 06:32 PM   #12
newbie14
Member
 
Registered: Sep 2011
Posts: 525

Original Poster
Rep: Reputation: Disabled
Hi Scasey,
Yes I think it will need HOST2 cause only HOST2 has the access to the db. The entire picture is like this I have a website and in it I have a registration form which I need to capture the details and store it into a db. So that the entire picture hope I am clearer now ?
 
Old 01-11-2018, 06:35 PM   #13
newbie14
Member
 
Registered: Sep 2011
Posts: 525

Original Poster
Rep: Reputation: Disabled
Hi Astrogreek,
Ok let me explain in details

1. HOST1.
Is a pure website and in it there is a registration form. I need to capture this details and store into the db. User will key in their details and the admin will then approve. Upon approval email it sent with the user name and also default password to the registered user.

2. HOST2.
This is where application is residing. User can key in their login details and get into it to use the application.

I hope I am clearer now ?
 
Old 01-11-2018, 06:58 PM   #14
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,115

Rep: Reputation: 685Reputation: 685Reputation: 685Reputation: 685Reputation: 685Reputation: 685
Maybe HOST1 could be configured to send a create account request email to the admin and uppon approval, user log in HOST2?
HOST1 will still need some scripting engine to send the email

Or do both in HOST2 as it is application ready so scripting engine is already set
 
Old 01-11-2018, 10:15 PM   #15
newbie14
Member
 
Registered: Sep 2011
Posts: 525

Original Poster
Rep: Reputation: Disabled
Hi Keefaz,
Yes looks like I will do on HOST2 cause only it has the db access HOST1 does not have it because when user register their details goes into the db first then only admin picks from the db and do the approval.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Inserting data from different mysql databases in to one database! charly78 Programming 10 08-10-2015 06:10 PM
Inserting mysql database using shh putty bbrian017 Linux - Newbie 8 07-25-2010 02:27 AM
I need help securing my postgresql database... trist007 Linux - Security 12 01-10-2010 07:38 PM
Securing DHCP on MAC adress? Or another way to secure it? Obig Linux - Networking 1 10-09-2008 09:19 AM
info on inserting a new module to existing kernel aus9 Linux - Kernel 1 09-18-2006 01:33 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 04:10 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration