bernhard

communicating to remote site

hi guys,

i'm developing a module to pull data from a live site so that i have a copy of this site on my local dev environment with one click. i plan to do it like this:

both sites will be set up manually for the first time. then i will install my module on both sites and they get one superuser with the same name + password

then, on DEV

  • click button, send POST request to the remote site with this data:
    • name = $user->name (dev admin user)
    • password = $user->pass

on LIVE

  • fetch username + password
  • compare $user->pass (live admin user) and password of post data
  • if they match, force login (without password, as the password is the encrypted password and not the password itself)
  • return requested data

on DEV

  • get the data and do stuff

would this procedure be safe? could anybody sniff my admin password when i'm only sending and getting data via HTTPS?

the reason why i do not send the actual password is because the user is already logged in and i only get the encrypted version from the db. and i don't want to force the user to input the password on every request...

thank you for your help!
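An added example, not part of any post in this thread: in the procedure above, the stored hash in `$user->pass` is itself the value LIVE accepts, so anyone who obtains it can make the same request. The sketch below swaps it for a dedicated shared secret and signs each DEV request with an HMAC over a timestamp, a nonce and the body, which LIVE verifies before returning data. The function names, the `X-Sync-*` header names and the in-memory nonce list are assumptions for illustration, not ProcessWire APIs.

```php
<?php
// Added example; all names and values here are hypothetical or constructed.
const MAX_SKEW = 300; // seconds a signed request stays acceptable

// DEV side: sign the request with a secret that exists only for this sync job.
function signRequest(string $secret, string $body, int $now, string $nonce): array {
    $mac = hash_hmac('sha256', "$now\n$nonce\n$body", $secret);
    return ['X-Sync-Time' => (string) $now, 'X-Sync-Nonce' => $nonce, 'X-Sync-Mac' => $mac];
}

// LIVE side: check freshness, reuse and integrity before doing any work.
// $seenNonces is kept in memory here; a real module would persist it.
function verifyRequest(string $secret, string $body, array $h, int $now, array &$seenNonces): bool {
    $time  = (int) ($h['X-Sync-Time'] ?? 0);
    $nonce = (string) ($h['X-Sync-Nonce'] ?? '');
    $mac   = (string) ($h['X-Sync-Mac'] ?? '');
    if ($nonce === '' || abs($now - $time) > MAX_SKEW) {
        return false; // missing nonce or timestamp outside the window
    }
    if (isset($seenNonces[$nonce])) {
        return false; // this exact request was already accepted once
    }
    $expected = hash_hmac('sha256', "$time\n$nonce\n$body", $secret);
    if (!hash_equals($expected, $mac)) {
        return false; // constant-time compare failed: wrong secret or altered body
    }
    $seenNonces[$nonce] = $time; // remember only nonces from verified requests
    return true;
}

// Constructed demo data: one secret generated once and stored in both sites' config.
$secret = bin2hex(random_bytes(32));
$body   = json_encode(['action' => 'export']);
$now    = time();
$seen   = [];

$fresh = signRequest($secret, $body, $now, bin2hex(random_bytes(16)));
var_dump(verifyRequest($secret, $body, $fresh, $now, $seen));        // first delivery
var_dump(verifyRequest($secret, $body, $fresh, $now, $seen));        // same headers sent again

$other = signRequest($secret, $body, $now, bin2hex(random_bytes(16)));
var_dump(verifyRequest($secret, $body . ' ', $other, $now, $seen));  // body changed after signing

$old = signRequest($secret, $body, $now - 3600, bin2hex(random_bytes(16)));
var_dump(verifyRequest($secret, $body, $old, $now, $seen));          // signed an hour ago
```

The secret never travels with the request, and it can be rotated without touching the admin account.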

Sounds like an interesting idea. The multi-instance support may be able to do this in the future according to Ryan's blog post, so I guess secure authentication / communication between two apps will be something that has to be solved at some point.

Maybe you can look at using an OAuth solution. The OAuth2 server from the PHP league seems to be highly recommended
https://oauth2.thephpleague.com/

and they also have an OAuth client…
http://oauth2-client.thephpleague.com/

Laravel recently integrated this OAuth2 server and called it Passport, to make doing authentication very easy. It’s explained here:
https://laravel.com/docs/5.3/passport

 


I like this post, could be a really cool experiment. You could also use a PHP-based SSH client to connect your machines and execute some scripts / bootstrap ProcessWire via shell. You could then use SSH keys to secure your connection. Even going further, you could do something on your server to limit the SSH connections of this user to one IP.

What did you end up doing, bernhard?
