Thanks! ---------------------------------------- > From: lists at neptunewebworks.com > To: thelist at lists.evolt.org > Date: Wed, 31 May 2006 15:21:41 -0700 > Subject: Re: [thelist] Call a php script on another server? > > > From: Travis Brunn > > Is there anything particularly bad about doing something like this... > > > > <?phpecho "here is output from a remote secret script: > > ";readfile > > (http://www.myremoteserver.com/outputstuff.php?pw=secret);?> > > > > ...and passing a password in the querystring as a safeguard? > > (So that if the script was executed without the password it > > wouldn't output any content?) > > http://www.myremoteserver.com/outputstuff.php?pw=secret > > It may be obscured from the user, but http is still non-secure. Use https. > If possible, restrict access to outputstuff.php to the IP address of the > server reading the remote file. This restriction can be put in httpd.conf, > .htaccess (prob best) or in the script outputstuff.php, e.g. > <?php > if(isset($_SERVER['REMOTE_ADDR']) > && '192.168.1.1' == $_SERVER['REMOTE_ADDR']) echo _THEPASSWORD; > else echo 'Bah!'; > ?> > > > -- > > * * Please support the community that supports you. * * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester > and archives of thelist go to: http://lists.evolt.org > Workers of the Web, evolt ! _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/