PHP
joger, 2011-04-26 20:47:01

Data exchange between two PHP scripts

There are 2 scripts on one server.
First, script A is called and waits.
Then script B is called, which receives the data and must pass it to script A.
So, what is the safest way to transfer this data?
I am assuming the most critical case: that at exactly this moment a hacker breaks in and takes everything.
Therefore, the database and files seem to be ruled out.
So RAM would be ideal, but is that even possible?
Other options?
For clarification: both requests are made by the same user to the same domain. One time it is JSONP, the other time it is authorization on the site.

Or am I being "foolish"?

11 answer(s)
zizop, 2011-04-26
@joger

Use shared memory segments for sharing. And for security, use data encryption in them.
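
The suggestion above, sketched as an added example that is not part of the answer or of the asker's code: script A publishes an ephemeral libsodium public key in an owner-only shmop segment and script B writes the data sealed to it, so the segment only ever holds ciphertext. The segment layout, size and key id are assumptions; this limits what someone who can read the segment learns, not what someone who can modify the scripts can do.

```php
<?php
// Added example (PHP 8+, ext-shmop, ext-sodium); A and B are simulated in one CLI run.
// Assumed segment layout: [32-byte public key][4-byte length][sealed payload]
const SEG_SIZE = 4096;
const PK_LEN   = SODIUM_CRYPTO_BOX_PUBLICKEYBYTES;
const MAX_BODY = SEG_SIZE - PK_LEN - 4;

// Script A: create an owner-only segment and publish only the public key.
function a_open(int $segKey): array {
    $keypair = sodium_crypto_box_keypair();           // secret half stays in A's process
    $shm = shmop_open($segKey, 'n', 0600, SEG_SIZE);  // 'n' fails if the key is taken
    if ($shm === false) { throw new RuntimeException('cannot create segment'); }
    shmop_write($shm, sodium_crypto_box_publickey($keypair) . pack('N', 0), 0);
    return [$shm, $keypair];
}

// Script B: seal the data to A's public key; B cannot decrypt it again afterwards.
function b_send(int $segKey, string $data): void {
    $shm = shmop_open($segKey, 'w', 0, 0);
    if ($shm === false) { throw new RuntimeException('no script A is waiting on this key'); }
    $sealed = sodium_crypto_box_seal($data, shmop_read($shm, 0, PK_LEN));
    if (strlen($sealed) > MAX_BODY) { throw new LengthException('payload too large'); }
    shmop_write($shm, $sealed, PK_LEN + 4);
    shmop_write($shm, pack('N', strlen($sealed)), PK_LEN); // length last: "ready" flag
}

// Script A: null until B has written; then decrypt, destroy the segment, wipe the key.
function a_receive(Shmop $shm, string &$keypair): ?string {
    $len = unpack('N', shmop_read($shm, PK_LEN, 4))[1];
    if ($len === 0) { return null; }
    $plain = $len <= MAX_BODY
        ? sodium_crypto_box_seal_open(shmop_read($shm, PK_LEN + 4, $len), $keypair) : false;
    shmop_delete($shm);       // segment goes away once every handle detaches
    sodium_memzero($keypair); // also sets the caller's variable to null
    if ($plain === false) { throw new RuntimeException('ciphertext rejected'); }
    return $plain;
}

$segKey = random_int(0x10000, 0x7fffffff); // constructed id; both scripts must agree on it
[$shm, $kp] = a_open($segKey);
var_dump(a_receive($shm, $kp));            // B has not written yet
b_send($segKey, 'constructed sample payload');
var_dump(a_receive($shm, $kp));
```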

bruteo, 2011-04-26
@bruteo

If a hacker breaks in, then why shouldn't he look into "RAM" or somewhere else, since he can know about the files and the database?

ertaquo, 2011-04-26
@ertaquo

Why not use databases? If you need to keep data in memory, then set up memcached and that's it. Or a MEMORY table in MySQL.

@resurection, 2011-04-27
_

If the cracker has FULL access, then he will be able to look anywhere, wherever you save the data. And why should he intercept data if he can take the finished result of the script? Even data encryption will not protect it, because he will be able to view the source and find out the algorithm and key.

ramilexe, 2011-04-26
@ramilexe

Script A.php

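<?php

$params = "some params";
// If $params ever comes from a request, pass each argument through
// escapeshellarg() before it reaches the command line.
$result = shell_exec('php b.php ' . $params);

echo "Result of B script is: " . $result;
?>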

phasma, 2011-04-27
@phasma

Well, in general, this is not a task for scripting languages, because you can get the source, etc.

joger, 2011-04-27
@joger

I'll describe what's going on, maybe it will help.
So: the user needs to transfer certain information to site A (not mine), on which he is located. This information is stored on my server in a form encrypted with the user's password.
Site A has a link to me. When it is pressed, 2 things happen: a JSONP request is sent to my server, and the user goes to my site.
The user enters his login + password, the information from the database is decrypted, transferred to another script (!!!), a JSONP response is formed from it and everyone is happy. And this (!!!) is the part I'm worried about now.

Begetan, 2011-04-27
@Begetan

HTTP POST + SSL?

Iskander Giniyatullin, 2011-04-27
@rednaxi

I.e., the JSONP request is sent in one window, and this window hangs and waits for a response until the user enters his username and password in another window?
And when the user enters his login and password, does the first “hanging” script give an answer to the user?
How will this scheme work with a large number of concurrent users? Will you have 100500 suspended scripts hanging in memory?
I don't think you got it all right. Describe the task specifically, and perhaps someone will suggest the best solution to your problem without these perversions.
Do not think that you were the first to encounter such a problem. Most likely similar problems have already been solved more than once, and you have reinvented your own wheel, which so far does not look very successful. But it is not clear what to advise, because it is not clear how this scheme will be used.

joger, 2011-04-27
@joger

“How will this scheme work with a large number of concurrent users? Will you have 100,500 suspended scripts hanging in memory?” Well, 100500 is only in my dreams :) but there is a problem, I didn’t come up with anything smarter.
The task is simple: fill out a form on the donor site using the "provider". The functionality of the roboform plugin for FF.
Condition: only JS on the donor.

aqwAntonio, 2011-04-27
@aqwAntonio

The problem is that if a hacker has access to the source code, then he can change the script in such a way that all data, wherever it is stored, will be logged when used by the script or, for example, e-mailed to the hacker. If I were you, I would take care of protecting the server from unauthorized access and tracking changes in server scripts.
