Securing and inserting registration info into secure database
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Securing and inserting registration info into secure database
Hi All,
Currently I have a php based system with the db is hidden from outside world and only accessible locally after the vpn. The issue now I need to create a web based registration which will stay on another different server but I need to insert those data into the backend db. The problem now I only allow local ip of the web server to allow access to the db. How to secure this registration form data insertion which sits on a different server?
If you save informations from the web server that is behind the vpn, what is the purpose of the other server?
Or you want to synchronize data? I mean update db with informations already stored in the other server?
1. First there the website which is purely html and static content. In it there is a registration form and user will key in their personal particulars and submit for verification which must be inserted into the db.
2. There is application site where there is a login page with user name and password which will be generated after user is verified. This web server will have both public and local ip. Thus I have enable that its local ip to be accessible to the db which will be also accessible locally only.
I still find this confusing. Please describe each host and their IP addresses and services separately and clearly.
Here is what I think you have said:
Quote:
Originally Posted by newbie14
1. First there the website which is purely html and static content. In it there is a registration form and user will key in their personal particulars and submit for verification which must be inserted into the db.
So this is a web server with static content to which information is submitted in an HTML form.
Let's call it HOST1 at IPADDR1.
"The db" would appear to refer to the database on another host described below...
Quote:
Originally Posted by newbie14
2. There is application site where there is a login page with user name and password which will be generated after user is verified. This web server will have both public and local ip. Thus I have enable that its local ip to be accessible to the db which will be also accessible locally only.
Here you seem to describe a separate host with two IP addresses, one public and one local (via VPN).
Let's call it HOST2 with IPPUBLIC and IPLOCAL.
"The DB" appears to reside on HOST2, but you indicate that it, the DB, is only accessible locally via IPLOCAL, but not via IPPUBLIC.
Your question seems to be how to submit form data to HOST1 and have it inserted to DB on HOST2, is that right?
If not, please try to describe your setup more clearly and precisely.
Or, maybe, "local IP" is just 127.0.0.1 ??
Isn't it typical for the access to a database on a web server to be limited to localhost...at least that's the way I've always configured them.
Form on HOST1 calls script on HOST2 which updates the database...
Or, maybe, "local IP" is just 127.0.0.1 ??
Isn't it typical for the access to a database on a web server to be limited to localhost...at least that's the way I've always configured them.
Form on HOST1 calls script on HOST2 which updates the database...
Hi Keefaz,
I know I can use this method <form method="POST" action="http://HOST2/script_name.php"> that is from HOST1. The issue is HOST1 does not have a local ip so the db is not allowed to accept any external ip connections. I am thinking to run the form on HOST2 itself. Meaning from HOST1 when user click for the form it will bring to HOST2. Is it possible not to show the ip of the HOST2. Yes once they have filled the form the verification is by human process.
You said that HOST2 has both public and local ip, so no reason to hide public ip (local ip is still hidden)
Another solution is to use network library like curl to pass post variables from HOST1 to HOST2 and vice versa, it will get complicated, HOST1 will need server side scripting engine (PHP...), but it's doable.
Quote:
Originally Posted by newbie14
Yes once they have filled the form the verification is by human process.
I know I can use this method <form method="POST" action="http://HOST2/script_name.php"> that is from HOST1. The issue is HOST1 does not have a local ip so the db is not allowed to accept any external ip connections. I am thinking to run the form on HOST2 itself. Meaning from HOST1 when user click for the form it will bring to HOST2. Is it possible not to show the ip of the HOST2. Yes once they have filled the form the verification is by human process.
If the script is run on HOST2, then it will be local to the db, yes? That it is called from HOST1 shouldn't matter.
That ^^ is the answer to your original question, right?
But, tell us the process flow from the HOST1 input form through verification and database update, please. I feel we don't have the entire picture.
@OP: You have begun to use the imagined HOST# terminology I used as an example above, but without confirming whether it was correct or explaining your actual system requirements.
This leaves us all still guessing about what you are actually trying to accomplish. As stated by others, we still do not have the complete picture.
Please see the Site FAQ and links it provides for asking a complete well formed question and responding to those trying to help.
Perhaps you could describe the process as seen by the visitors, when submitting their data and when logging in after verification, including what URL they visit in each case. Then describe it from the admin perspective, how they first receive the personal data, how they process it into a verified state and make use of it, and what access they have to each machine at each step.
Hi Scasey,
Yes I think it will need HOST2 cause only HOST2 has the access to the db. The entire picture is like this I have a website and in it I have a registration form which I need to capture the details and store it into a db. So that the entire picture hope I am clearer now ?
1. HOST1.
Is a pure website and in it there is a registration form. I need to capture this details and store into the db. User will key in their details and the admin will then approve. Upon approval email it sent with the user name and also default password to the registered user.
2. HOST2.
This is where application is residing. User can key in their login details and get into it to use the application.
Maybe HOST1 could be configured to send a create account request email to the admin and uppon approval, user log in HOST2?
HOST1 will still need some scripting engine to send the email
Or do both in HOST2 as it is application ready so scripting engine is already set
Hi Keefaz,
Yes looks like I will do on HOST2 cause only it has the db access HOST1 does not have it because when user register their details goes into the db first then only admin picks from the db and do the approval.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.