Reputation:
Secure way of remote PHP include?
I'm looking for a secure way of including a file from one of my servers to another.
Any help or snippets would be amazing.
Thanks :)
EDIT: I need to the file to perform things, so "get_file_contents" wouldn't do me much good. Thanks
Upvotes: 0
Views: 509
Answers (6)
Reputation: 11
You can use curl.
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $your_page);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($curl, CURLOPT_CAINFO, $your_certificate);
curl_exec($curl);
curl_close($curl);
See: http://www.php.net/manual/en/function.curl-setopt.php
Upvotes: 1
Reputation: 12870
The better solution would be to build a webservice or something of the like that could be "talked to" by other people's sites. This way, they're not "slurping" your code, causing awful performance and possibly security issues.
But, it's not always realistic to expect others to be able to build code that can talk to a webservice.....SO:
That being said, my company offers clients "webforms" for their websites....essentially a simple form page that's auto generated and "talks to" our application. Users go to our client's websites, enter information into the form hosted on our site (but embedded in theirs) and post data to our application when they hit submit. We opted to go with iFrames (YUCK!) to make it work because most of our clients are dealing with either straight HTML or .net based servers while we work in PHP. It's not ideal, but it works well. And, we know no matter who is running it, 3 lines of code gets their webform online. Most people can handle that. You'll see similar solutions employed by industry leaders such as SurveyGizmo, etc.
Upvotes: 0
Reputation: 385174
The secure way?
Don't do it. If you control both servers, put the same content on both and slave them together with periodic rsync or something.
Upvotes: 2
Reputation: 3172
To keep from having (possibly) very bad performance issues related to retrieving a file from a remote server during execution, I would recommend you retrieve the required files once a day and cache them locally.
You can simply setup a cron job and use scp to copy it from the remote server
Upvotes: 2
Reputation: 179066
You could use eval(file_get_contents(...));, but that screams bad idea.
Is there any reason you can't host the executable files on the same server, or commit the files to the server to be executed?
Upvotes: 0
Reputation: 449465
Don't do it. It's a huge performance and reliability drawback (your site starts depending on the availability of two servers instead of just one).
If you really need this, passing a secret token in the include might be one idea to make it half-way secure.
Upvotes: 3
Related Questions
- PHP include from external server
- secure php-included file in php code
- most secure way to "call" a php file
- Secure Include php
- including a remote file in PHP
- Keeping PHP Includes Secure
- Protect call to remote php script
- PHP Alternatives to Remote File Inclusion
- How can I protect my included php files from direct access?
- secure include files