本地网站在线连接到WordPress

Question

Long time reader first time asker, if my question is silly or missing info or miss titled lemme know and I'll fix it.

Okay, so I'm working at a community center for the next 8 weeks as a tech help assistant, I'm also a CS student.

They have a web application that is quite old running locally on an iis server (version 7). It's for keeping track of their members, events and registration It's written in asp.net and is using and Access database. They also have a wordpress website (php, mysql, apache) for advertising events and sharing information about what's going on in the community.

What they would like is to link their wordpress to the local application. I've been racking my brain about if this is even possible or not. I'm leaning towards not possible because the local application and shouldn't be outward facing as it has sensitive data on it and was not designed to be secure in the face of would-be hackers.

The only solution that I could think of is create a "walled off" section of the computer hosting the local application. Also an outward facing port that accepts incoming data from the wordpress site that is then passed onto the access database as an update (increasing a counter for the amount of people registered to a program). It needs to be possible for a file to have some kind of global (from the web) executable permissions and have all the other files on the localhost computer locked down from this global permission.

We would also need to be able to get 2 boolean values from the local app for the wordpress site. This is for if the program/camp/whatever is full and if the update was unsuccessful in the event of something going wrong. I'm just not sure if something like that is even possible and where to start with that. The most important thing is that it's secure.

If a secure API could work I have time to create something like that.

I don't have enough time to upgrade their local system to make it safe enough to be online because I have to run tech help sessions. I know that is the most realistic option.

Thanks very much

Answer 1

What they would like is to link their wordpress to the local application. I've been racking my brain about if this is even possible or not. I'm leaning towards not possible because the local application and shouldn't be outward facing as it has sensitive data on it and was not designed to be secure in the face of would-be hackers.

I think you've hit the nail on the head right there. It looks like you have a decent understanding of the situation but not of their internal app. The fact is that it's hard to scope something like this without getting in and getting details. Step 1 would be to see if you can talk to whoever it is that built the thing and get their feedback. It might be secure enough to expose some sort of connection.

Really there's not enough information here to determine a good answer, and you should be wary of anyone that says it's secure. There are a ton of factors that go into web security.

You might be able to throw together a basic RESTful API with authentication to send only to the wordpress site's IP. But if it's sharing the IP that information can be consumed by third parties so you'll have to decide if that is an okay risk.

I wouldn't try and expose everything and partition with apache. A basic RESTful API with authentication would be best at first glance IMO. That way you only show consumable data and limit what can be used.