I'm making a client/server application with php.
The server takes an array serializes and echos the result.
the server could be hosted at www.site1.com/server.php
echo serialize($array);
The client could be hosted at www.site2.com/client.php
$ch = curl_init('http://www.site1.com/server.php');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
echo curl_exec($ch);
What I'm trying to do is to make server.php only echo the information iff the client is from www.site2.com/client.php.
Somethi开发者_如何学Cng like
iff('Client is from www.site2.com/client.php'){
echo curl_exec($ch)
} else {
exit();
}
site2 does not have SSL
What variable do i look up, or is there a way to do this?
client.php
$ch = curl_init('http://www.site1.com/server.php?supersecretpassword');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
echo curl_exec($ch);
server.php
if($_SERVER['QUERY_STRING'] === "supersecretpassword"){
echo curl_exec($ch)
} else {
exit();
}
As additional security measure you can check in server.php if $_SERVER['REMOTE_ADDR'] is equal to the IP address of the computer your client.php is on.
If the client has a fixed IP, you could reverse DNS the client and see if the IP is correct. No idea how reliable that is though. I'm not into black arts - that path leads to the dark side.
There is no way to accurately secure communications as you describe. The real security-minded answer to your question is to set up a firewall.
精彩评论