phpsecuritycurlencryptionserver-to-server

How to authorize 000webhost posts?


I am using curl in php to post data from my local server to a webhost server:

  $post = array('test' => 'this is a test' );
    $url = "https://my-app.000webhostapp.com";
            $curlSesh = curl_init();
            curl_setopt($curlSesh, CURLOPT_URL, $url);
            curl_setopt($curlSesh, CURLOPT_POST, true);
            curl_setopt($curlSesh, CURLOPT_POSTFIELDS, $post);
            curl_setopt($curlSesh, CURLOPT_RETURNTRANSFER, true);
            $response = curl_exec($curlSesh);
            curl_close($curlSesh);
            echo "response: ";
            echo $response;
            if ($response == "validate post")echo ' post has been validated';

On my 000webhost server, I accept the array sent in $post using file put contents:

file_put_contents('incomingData.txt', $_POST["test"]. "\n", FILE_APPEND );

Surely this means that anyone can send a post request to my webhost server with an array key 'test' and that will be placed in my incomingData.txt file? This is extremely unsecure. Is there a way to make it so only my local server data is accepted, or maybe can I encrypt the data in some way? Thanks.


Solution

  • To clarify, your data is already being encrypted by using https://. There are a plethora of ways to authenticate your traffic, but a simple way would be to add a "private key" in your post statement.

    So you could do

    $post = array('key' => 'some private key', 'text' => ... )
    

    And on the server check to ensure dirty data isn't getting through

    if ($_POST['key'] != 'the key you made')
      die()