
PHP - cURL : How to safely send data to another server using cURL

I'm trying to send some data from server(A) to server(B) via cURL and then put the said data into a database or delete it, depending on the case. The thing is I want to secure it and to be sure not everyone can put anything he wants in the database by accessing server(B). So I've put a hash with the other data:

<?php
    $url = "https://serverB/test.php";
    $hash = hash('sha512','UPbztBfJEY7FjDjUZ7kd');//Don't mind the sha512 instead of bcrypt, both my servers aren't working with bcrypt.

    $fields = array(
        'ref' => 'toasty',
        'name' => 'toasta',
        'hash'=> $hash
    );

    $fields_string = http_build_query($fields);

    $ch = curl_init();

    curl_setopt($ch,CURLOPT_URL, $url);
    curl_setopt($ch,CURLOPT_POST, count($fields));
    curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
    curl_exec($ch);
?>

And then, we verify it on the other server:

<?php
    $hash=(array_key_exists('hash',$_POST))?$_POST['hash']:'';
    if($hash==hash('sha512','UPbztBfJEY7FjDjUZ7kd')){
        //Insert the data into the database
    }
?>

But is it really secure? If someone can read through what I'm sending, even if the $hash is, well, hashed, he could really just send anything he wants by simply typing the hashed password, since the verification would work.

Is it enough? How can I do better?

Feel free to ask me for any further info I may have missed, thanks!

You need to hash the data to make sure that it hasn't been changed in transit and you can use your secret key to make sure that only authorised parties can generate a valid hash. So your sending code might look like this.

  $yourSecretKey = 'UPbztBfJEY7FjDjUZ7kd';
  $fields = array(
      'ref' => 'toasty',
      'name' => 'toasta'
       );
  $hash = hash('sha512', $yourSecretKey . serialize($fields));

  $fields['hash'] = $hash;

And at the receiving end you need to extract the hash from the data, use the secret key to hash the other data fields and check the generated hash against your extracted hash.

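$input = array();   // fields that are covered by the hash
$checksum = '';     // stays empty if no hash was posted, so the check below fails
foreach ($_POST as $key => $value) {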
    if ($key === 'hash') {     // Checksum value is separate from all other fields and shouldn't be included in the hash
        $checksum = $value;
    } else {
        $input[$key] = $value;
    }
}

$hash = hash('sha512', $yourSecretKey . serialize($input));
if ($hash === $checksum) {
    $valid = true;
} else {
    $valid = false;
}
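
An added example (not part of the original question or answer) of the keyed-hash scheme described above, using PHP's `hash_hmac()` in place of `hash($key . $data)`, `hash_equals()` for the comparison, and a timestamp field to bound replay of a captured request. The names `SHARED_KEY`, `MAX_AGE_SEC`, `sign_fields()`, `verify_fields()` and the `ts` field are assumptions made for illustration.

```php
<?php
// Added example: shared-secret request signing with HMAC-SHA512.
// All names below are hypothetical; the key is a placeholder.
const SHARED_KEY  = 'replace-with-a-long-random-secret'; // same value on A and B
const MAX_AGE_SEC = 300; // assumed freshness window for the timestamp

// Server A: returns the fields plus 'ts' and 'hash', ready for http_build_query().
function sign_fields(array $fields, string $key, ?int $now = null): array
{
    unset($fields['hash']);
    $fields['ts'] = (string) ($now ?? time());
    ksort($fields); // canonical key order on both sides
    $fields['hash'] = hash_hmac('sha512', http_build_query($fields), $key);
    return $fields;
}

// Server B: returns true only for an untampered, recent request.
function verify_fields(array $post, string $key, ?int $now = null): bool
{
    $sent = $post['hash'] ?? '';
    $ts   = $post['ts'] ?? '';
    unset($post['hash']);
    if (!is_string($sent) || !is_string($ts) || !ctype_digit($ts)) {
        return false; // missing or malformed hash/timestamp
    }
    if (abs(($now ?? time()) - (int) $ts) > MAX_AGE_SEC) {
        return false; // outside the window: rejects late replays
    }
    ksort($post);
    $expected = hash_hmac('sha512', http_build_query($post), $key);
    return hash_equals($expected, $sent); // constant-time comparison
}

// Constructed sample data, checked offline without any HTTP request.
$signed = sign_fields(['ref' => 'toasty', 'name' => 'toasta'], SHARED_KEY, 1700000000);
var_dump(verify_fields($signed, SHARED_KEY, 1700000010)); // untampered, inside the window

$tampered = $signed;
$tampered['name'] = 'changed-in-transit';
var_dump(verify_fields($tampered, SHARED_KEY, 1700000010)); // field modified after signing

var_dump(verify_fields($signed, SHARED_KEY, 1700009999)); // same request replayed later
```

Signing the `http_build_query()` form rather than `serialize()` keeps the two sides consistent even though every value arrives in `$_POST` as a string. A request captured and resent inside the window still verifies; rejecting that needs a per-request nonce stored on server B.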
