Secure way of remote PHP include?
I'm looking for a secure way of including a file from one of my servers to another.
Any help or snippets would be amazing.
Thanks :)
EDI开发者_如何转开发T: I need to the file to perform things, so "get_file_contents" wouldn't do me much good. Thanks
Don't do it. It's a huge performance and reliability drawback (your site starts depending on the availability of two servers instead of just one).
If you really need this, passing a secret token in the include might be one idea to make it half-way secure.
To keep from having (possibly) very bad performance issues related to retrieving a file from a remote server during execution, I would recommend you retrieve the required files once a day and cache them locally.
You can simply setup a cron job and use scp
to copy it from the remote server
The secure way?
Don't do it. If you control both servers, put the same content on both and slave them together with periodic rsync
or something.
You can use curl.
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $your_page);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($curl, CURLOPT_CAINFO, $your_certificate);
curl_exec($curl);
curl_close($curl);
See: http://www.php.net/manual/en/function.curl-setopt.php
You could use eval(file_get_contents(...));
, but that screams bad idea.
Is there any reason you can't host the executable files on the same server, or commit the files to the server to be executed?
The better solution would be to build a webservice or something of the like that could be "talked to" by other people's sites. This way, they're not "slurping" your code, causing awful performance and possibly security issues.
But, it's not always realistic to expect others to be able to build code that can talk to a webservice.....SO:
That being said, my company offers clients "webforms" for their websites....essentially a simple form page that's auto generated and "talks to" our application. Users go to our client's websites, enter information into the form hosted on our site (but embedded in theirs) and post data to our application when they hit submit. We opted to go with iFrames (YUCK!) to make it work because most of our clients are dealing with either straight HTML or .net based servers while we work in PHP. It's not ideal, but it works well. And, we know no matter who is running it, 3 lines of code gets their webform online. Most people can handle that. You'll see similar solutions employed by industry leaders such as SurveyGizmo, etc.
精彩评论