Jump to content

communicating to remote site


bernhard
 Share

Recommended Posts

hi guys,

i'm developing a module to pull data from a live site so that i have a copy of this site on my local dev environment with one click. i plan to do it like this:

both sites will be setup manually for the first time. than i will install my module on both sites and they get one superuser with the same name + password

then, on DEV

  • click button, send POST request to the remote site with this data:
    • name = $user->name (dev admin user)
    • password = $user->pass

on LIVE

  • fetch username + password
  • compare $user->pass (live admin user) and password of post data
  • if they match, force login (without password, as the password is the encrypted password and not the password itself
  • return requested data

on DEV

  • get the data and do stuff

would this procedure be safe? could anybody sniff my admin password when i'm only sending and getting data via HTTPS?

the reason why i do not send the actual password is because the user is already logged in and i only get the encrypted version from the db. and i don't want to force the user to input the password on every request...

thank you for your help!

Link to comment
Share on other sites

Sounds like an interesting idea. The multi-instance support may be able to do this in the future according to Ryans blog post, so I guess secure authentication / communication between two apps will be something that has to be solved at some point. 

Maybe you can look at using an Oauth solution. The Oauth2 server from the PHP league seems to be highly recommended
https://oauth2.thephpleague.com/

and they also have an Oauth client…
http://oauth2-client.thephpleague.com/

Laravel recently integrated this Oauth2 server and called it Passport, to make doing authentication very easy. It’s explained here:
https://laravel.com/docs/5.3/passport

 

  • Like 3
Link to comment
Share on other sites

  • 1 month later...

I like this post, could be a really cool experiment. You could also use a php based ssh client to connect your machines and execute some scripts / bootstrap processwire via shell. You could then use ssh keys to secure your connection. Even going further you could do something on your server to limit your ssh connections of this user to one ip. 

What did you end up doin bernhard?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...