I am using curl in php to post data from my local server to a webhost server:
$post = array('test' => 'this is a test' );
$url = "https://my-app.000webhostapp.com";
$curlSesh = curl_init();
curl_setopt($curlSesh, CURLOPT_URL, $url);
curl_setopt($curlSesh, CURLOPT_POST, true);
curl_setopt($curlSesh, CURLOPT_POSTFIELDS, $post);
curl_setopt($curlSesh, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($curlSesh);
curl_close($curlSesh);
echo "response: ";
echo $response;
if ($response == "validate post")echo ' post has been validated';
On my 000webhost server, I accept the array sent in $post using file put contents:
file_put_contents('incomingData.txt', $_POST["test"]. "\n", FILE_APPEND );
Surely this means that anyone can send a post request to my webhost server with an array key 'test' and that will be placed in my incomingData.txt file? This is extremely unsecure. Is there a way to make it so only my local server data is accepted, or maybe can I encrypt the data in some way? Thanks.
To clarify, your data is already being encrypted by using https://. There are a plethora of ways to authenticate your traffic, but a simple way would be to add a "private key" in your post statement.
So you could do
$post = array('key' => 'some private key', 'text' => ... )
And on the server check to ensure dirty data isn't getting through
if ($_POST['key'] != 'the key you made')
die()