简体繁体 English

子项目站点的通用用户配置文件 - 安全地从主服务器传输用户数据

[英]Universal user profile for subproject sites – securely trasfering user data from main server

原文 2017-04-17 01:49:49 9 1 php/ mysql/ security/ server-to-server

I have a site ( A ) for main project with user system (which is supposed to display all student competitions and academic events in my country for registred users. The site is also enabling users to sign them to these events and some other things. The A account includes just basic information as name, school, email, field of interest, ... ) 我有一个与用户系统（这是应该显示在我的国家所有的学生竞赛和学术活动的registred用户主要项目网站（A），该网站还允许用户将其登录到这些事件和其他一些东西。 在一个帐号只包括基本信息，如姓名，学校，电子邮件，感兴趣的领域，...）

Also I'm building a site ( B ) as "subproject" (for finding part-time jobs and collaboration with bigger organizations in subject field. Also, there are going to be more of similiar future subprojects, so ( B ) represent a set of child sites). 此外，我正在建立一个站点（ B ）作为“子项目”（用于寻找兼职工作以及与主题领域中较大组织的合作。此外，将会有更多类似的未来子项目，因此（ B ）代表一组儿童网站）。 The B sites requires the same data as in A and a few more to be filled in. All subproject will be maintained by the same group of people as the one from main project. B站点需要与A中相同的数据以及更多要填写的数据。所有子项目将由与主项目相同的一组人员维护。

I thought that it would be nice to enable users to login to B sites with account from A but also make it possible to register to B with individual account because users don't have to generally come only from the main A site and may be only interested only in B . 我认为让用户使用来自A的帐户登录B站点会很好，但也可以使用个人帐户注册到B ，因为用户通常不必来自主A站点，而且可能只是只对B感兴趣。

Both servers are running PHP and MySQL service. 两台服务器都运行PHP和MySQL服务。 The B sites will not be hosted on the same server as A so they will have to communicate through Internet, obviously. B站点不会与A托管在同一台服务器上，因此显然必须通过Internet进行通信。

I planned following scenario, so far: 到目前为止，我计划了以下方案：

User logs in to B with credentials from A 用户登录在与从A凭证到B
B hashes password and send it with user name through secured channel to A B哈希密码并通过安全通道将其与用户名一起发送到A.
A compares user and hashed password with its database and either send message with error back or A将用户和散列密码与其数据库进行比较，并发送带有错误的消息或
B logs user in B将用户登录

But my main problem is the part with secure communication, I've looked up some of the basics like that the servers would need a certificate to recognize each other but I haven't found any concrete piece of code to start with. 但我的主要问题是安全通信的部分，我已经查找了一些基础知识，比如服务器需要证书才能识别对方，但我还没有找到任何具体的代码片段。

Also there is a problem with storing the user data, because B needs to be able to show certain field on public website, it would be nonsence to look for them on remote DB, I think. 此外，存储用户数据存在问题，因为B需要能够在公共网站上显示某些字段，我认为在远程数据库上查找它们是不存在的。 But that leads to storing A user profile fields on B server, so it would be useless to do the whole thing anyway. 但是，这会导致存储乙服务器上的用户配置文件字段，所以这将是无用做整个事情反正。

I would appreciate any advice! 我很感激任何建议！

1 个解决方案

Well if you have admin access your servers, then you can set up a site to site vpn for securing the communication between the servers. 如果您有管理员访问您的服务器，那么您可以设置站点到站点VPN以保护服务器之间的通信。

You can also install SSL certificates on your servers and send data over the SSL secured channels 您还可以在服务器上安装SSL证书，并通过SSL安全通道发送数据

Another option is to encrypt the messages being sent between the servers using Php. 另一种选择是使用Php加密服务器之间发送的消息。