[thelist] Call a php script on another server?
Max Schwanekamp
lists at neptunewebworks.com
Wed May 31 17:21:41 CDT 2006
> From: Travis Brunn
> Is there anything particularly bad about doing something like this...
>
> <?phpecho "here is output from a remote secret script:
> ";readfile
> (http://www.myremoteserver.com/outputstuff.php?pw=secret);?>
>
> ...and passing a password in the querystring as a safeguard?
> (So that if the script was executed without the password it
> wouldn't output any content?)
http://www.myremoteserver.com/outputstuff.php?pw=secret
It may be obscured from the user, but http is still non-secure. Use https.
If possible, restrict access to outputstuff.php to the IP address of the
server reading the remote file. This restriction can be put in httpd.conf,
.htaccess (prob best) or in the script outputstuff.php, e.g.
<?php
if(isset($_SERVER['REMOTE_ADDR'])
&& '192.168.1.1' == $_SERVER['REMOTE_ADDR']) echo _THEPASSWORD;
else echo 'Bah!';
?>
More information about the thelist
mailing list