NYCPHP Meetup

NYPHP.org

[nycphp-talk] Secure (XML-RPC) connection

Matthew Terenzio webmaster at localnotion.com
Wed Mar 24 10:07:43 EST 2004


I curious to see what others say, because I've never done this, 
exactly.  It sounds like a typical web service, but I'm not sure why it 
is needed to be done this way. With proper precaution, can't the web 
server just interact directly with the database through an SSL?

On Mar 24, 2004, at 9:24 AM, Faber Fedor wrote:

> I need some extra brains for a design I'm doing.  Since it's going to
> involve XML-RPC and PHP, I figured I'd ask here.
>
> I'm putting together a basic shopping cart.  I can't use existing
> solutions because the back end database is called jBASE (a variant of
> PICK). jBASE lives on the Production Server behind a LinkSys
> firewall/router.  The web site sits on the Web Server and is outside of
> the firewall. The plan so far is: user submits a request (places an
> order, wants to see Product ID# 1234, etc.) to the Web Server.  The Web
> Server does some PHP magic and sends the request to the Production
> Server via XML-RPC.  The Production Server does some (PHP?) magic and 
> hands
> the request to the database via CGI calls. When the Production Server
> responds, the process is reversed.
>
> I don't know how to do the XML-RPC magic above, but tht's part of the
> fun of the project.  What I Can't figure out is how to securely 
> transfer
> the data between the two servers. I need a secure connection from the
> Web Server, through the firewall to the Production Server that can't be
> cracked by script kiddies and the like. I tried setting up a VPN tunnel
> using FreeS/WAN And Openswan and I can't get them working after a week,
> so it's time to try something else.
>
> The client insists that this be done in real-time, so I can't have a
> copy of the database on the web server.
>
> Any ideas?
>
> -- 
>
> Regards,
>
> Faber
>
> Linux New Jersey: Open Source Solutions for New Jersey
> http://www.linuxnj.com
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk




More information about the talk mailing list