开发者

Is there a way to verify client with curl?

开发者 https://www.devze.com 2023-02-01 18:16 出处:网络
I\'m making a client/server application with php. The server takes an array serializes and echos the result.

I'm making a client/server application with php.

The server takes an array serializes and echos the result.

the server could be hosted at www.site1.com/server.php

echo serialize($array);

The client could be hosted at www.site2.com/client.php

$ch = curl_init('http://www.site1.com/server.php');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);

echo curl_exec($ch);

What I'm trying to do is to make server.php only echo the information iff the client is from www.site2.com/client.php.

Somethi开发者_如何学Cng like

iff('Client is from www.site2.com/client.php'){
  echo curl_exec($ch)
} else {
  exit();
}

site2 does not have SSL

What variable do i look up, or is there a way to do this?


client.php

$ch = curl_init('http://www.site1.com/server.php?supersecretpassword');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
echo curl_exec($ch);

server.php

if($_SERVER['QUERY_STRING'] === "supersecretpassword"){
  echo curl_exec($ch)
} else {
  exit();
}

As additional security measure you can check in server.php if $_SERVER['REMOTE_ADDR'] is equal to the IP address of the computer your client.php is on.


If the client has a fixed IP, you could reverse DNS the client and see if the IP is correct. No idea how reliable that is though. I'm not into black arts - that path leads to the dark side.


There is no way to accurately secure communications as you describe. The real security-minded answer to your question is to set up a firewall.

0

精彩评论

暂无评论...
验证码 换一张
取 消