bernhard, posted October 27, 2016

hi guys,

i'm developing a module to pull data from a live site so that i have a copy of this site on my local dev environment with one click. i plan to do it like this:

- both sites will be set up manually for the first time. then i will install my module on both sites and they get one superuser with the same name + password
- then, on DEV
  - click button, send POST request to the remote site with this data:
    - name = $user->name (dev admin user)
    - password = $user->pass
- on LIVE
  - fetch username + password
  - compare $user->pass (live admin user) and password of post data
  - if they match, force login (without password, as the password is the encrypted password and not the password itself)
  - return requested data
- on DEV
  - get the data and do stuff

would this procedure be safe? could anybody sniff my admin password when i'm only sending and getting data via HTTPS?

the reason why i do not send the actual password is because the user is already logged in and i only get the encrypted version from the db. and i don't want to force the user to input the password on every request...

thank you for your help!
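The LIVE-side comparison from the steps above, sketched in plain PHP as an added example that is not part of the original post or of ProcessWire. `verifySyncRequest()` and the sample arrays are hypothetical; in the module the stored value would come from the live superuser's `$user->pass`. Because the stored hash is what gets sent, it acts as the shared secret between the two sites.

```php
<?php
// Added example: hypothetical helper, not ProcessWire API and not the poster's code.
// $server / $post mirror $_SERVER / $_POST; $users maps name => stored hash on LIVE.

function verifySyncRequest(array $server, array $post, array $users): bool
{
    // Only accept POST over TLS, so the hash never travels in a URL
    // or in clear text.
    $https = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    if (!$https || ($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }

    $name = $post['name'] ?? '';
    $sent = $post['password'] ?? '';
    if (!is_string($name) || !is_string($sent) || $name === '' || $sent === '') {
        return false;
    }

    // Unknown user: still compare against a dummy value so that both
    // paths do the same work and return the same answer.
    $known  = array_key_exists($name, $users);
    $stored = $known ? $users[$name] : str_repeat('0', 60);

    // hash_equals() compares in constant time; == or === would leak timing.
    return hash_equals($stored, $sent) && $known;
}

// Constructed sample data (not real credentials).
$users = ['admin' => password_hash('constructed-example', PASSWORD_BCRYPT)];
$tls   = ['HTTPS' => 'on', 'REQUEST_METHOD' => 'POST'];

var_dump(verifySyncRequest($tls, ['name' => 'admin', 'password' => $users['admin']], $users));
var_dump(verifySyncRequest($tls, ['name' => 'admin', 'password' => 'wrong'], $users));
var_dump(verifySyncRequest(['REQUEST_METHOD' => 'POST'], ['name' => 'admin', 'password' => $users['admin']], $users));
```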

Michael Murphy, posted October 29, 2016

Sounds like an interesting idea. The multi-instance support may be able to do this in the future according to Ryan's blog post, so I guess secure authentication / communication between two apps will be something that has to be solved at some point.

Maybe you can look at using an OAuth solution. The OAuth2 server from the PHP League seems to be highly recommended:
https://oauth2.thephpleague.com/

and they also have an OAuth client:
http://oauth2-client.thephpleague.com/

Laravel recently integrated this OAuth2 server and called it Passport, to make doing authentication very easy. It's explained here:
https://laravel.com/docs/5.3/passport

MuchDev, posted December 9, 2016

I like this post, could be a really cool experiment. You could also use a PHP-based SSH client to connect your machines and execute some scripts / bootstrap ProcessWire via shell. You could then use SSH keys to secure your connection. Even going further, you could do something on your server to limit your SSH connections of this user to one IP. What did you end up doing, bernhard?