Transfering encrypted data server to server, between 2 PHP scripts
https://stackoverflow.com/questions/1022994
-
06-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I need to transfer data from a PHP script on my local server to a remote API (also written in PHP) on my hosting server. It is basically a primitive version control system, and I use both HTTP GET and HTTP POST to transfer files and strings.
I would like the connection encrypted, but my (shared) web host tells me I can't use SSL because I can't get a dedicated IP address--and even if I could, I don't want to spend any more money on it.
My question is: Is there a better way to do this?
Some possibilities I have considered are using the mcrypt extension in PHP to encrypt data at one end and decrypt at the other.
I also thought of TLS, which--as I understand--can be used to create a secure connection without certificates?
EDIT: Please see this question as a follow up regarding OpenPGP, GnuPG and transfer using MIME.
Solution
What is the problem with just using a simple symmetric encryption (for example with the help of mcrypt) or something with a public/private key if you really need the signing and all? Another possible solution could be to use installed system tools and put all your files in a password protected zip file. (php function call "system()")
OTHER TIPS
I think you're kind of up the river on this one. With a shared host the most obvious solution is HTTPS but if they won't let you do that you're kind of stuck. Any other options you find are going to require you open a socket and I doubt your shared host will allow that either.
You may want to look into Amazon Web Services. I don't know how much you're paying for hosting but they have virtual servers available for 10 cents per hour ($72 a month roughly). Then you'd be free to do whatever you wanted.
You can create a self signed certificate to use for SSL. There's no reason for you to be paying someone like verisign for a certificate if you are the only one who has to trust the certificate.
You also might want to consider the following. A shared hosting service such as Dreamhost (which is what I use) will cost you $10 a month for hosting, $4 a month for the static IP, and $15 a year (1.25 a month) for a real SSL cert. So that's only about $15 a month for a shared hosting account with a real certificate signed by a real CA. I don't know who you are currently with, or what they are charging you, but if you are in anyway serious about this project, $15 a month isn't that much money to put towards it.
