Question

I have separate servers for my projects, and I would like to ask for stuff across all of them. I found that I had to use either PHP: file_get_contents or cURL, but then here is my question. Is there a way for my servers to verify which server can ask them to execute stuff?

For example I use this script:

    function is_ajax() {
        // Returns true if the request was made via AJAX
        return isset($_SERVER['HTTP_X_REQUESTED_WITH'])
            && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
    }

to check whether or not the request is AJAX based.

I will probably have access to each server's IP address, if there is a way to use those.

I can tell that one of the things I want to execute is starting a session on SERVER B, after SERVER A has verified some information. So to prevent other servers and scripts from executing without permission, I want a way for my SERVER B to verify that it actually is SERVER A who's asking.

EDIT: I am creating a session on SERVER A using a session class that saves the data encrypted in an SQL database.

Also by using session cookie parameters

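    // Start from PHP's current cookie settings.
    $cookieParams = session_get_cookie_params();
    $secure = true;    // assumed value: only send the cookie over HTTPS
    $httponly = true;  // assumed value: hide the cookie from JavaScript
    session_set_cookie_params(
        $cookieParams['lifetime'],
        $cookieParams['path'],
        $cookieParams['domain'],
        $secure,
        $httponly
    );

And even though the servers are different, they share the same domain name but are separated into subdomains across the servers, so maybe a way would be to let SERVER B see the session at SERVER A and then create a similar session?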


Solution 2

I settled on the ?SOMEPASSWORDVARIABLE=LONGSPASSWORDWITHRANDOMCHARS approach, as @complex857 suggested.

As file_get_contents is run server side, it's not very easy to guess the file name, the variable and the password. The actual request could be monitored by monitoring the traffic from your server, but the likelihood is very small.
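The shared-secret idea from the answer above, taken one step further in an added example (not code from the original post): rather than sending the password itself in the URL, SERVER A sends an HMAC of the request computed with the shared secret plus a timestamp, and SERVER B recomputes and compares it. The function names, the `/internal/session` path, the five-minute window and the secret value are assumptions made for illustration.

```php
<?php
// Shared secret known only to SERVER A and SERVER B (constructed sample value;
// in practice, load it from configuration that is not served by the web server).
const SHARED_SECRET = 'constructed-sample-secret-change-me';
const MAX_SKEW_SECONDS = 300; // assumed freshness window: 5 minutes

// SERVER A: compute the signature it sends along with the request (e.g. in a header).
function sign_request(string $secret, string $method, string $path, string $body, int $timestamp): string
{
    // Bind the signature to method, path, time and body so it cannot be reused elsewhere.
    $message = implode("\n", [$method, $path, (string) $timestamp, hash('sha256', $body)]);
    return hash_hmac('sha256', $message, $secret);
}

// SERVER B: accept the request only if the timestamp is fresh and the signature matches.
function verify_request(
    string $secret, string $method, string $path, string $body,
    int $timestamp, string $signature, int $now
): bool {
    if (abs($now - $timestamp) > MAX_SKEW_SECONDS) {
        return false; // stale or future-dated request, treated as a replay
    }
    $expected = sign_request($secret, $method, $path, $body, $timestamp);
    return hash_equals($expected, $signature); // constant-time comparison
}

// --- Constructed demonstration, runnable from the command line ---
$sentAt = 1700000000; // fixed sample clock value
$path   = '/internal/session';
$body   = json_encode(['action' => 'start_session', 'user_id' => 42]);
$sig    = sign_request(SHARED_SECRET, 'POST', $path, $body, $sentAt);

// Each case: [secret configured on SERVER B, body received, signature received, SERVER B clock]
$cases = [
    'genuine request'     => [SHARED_SECRET, $body, $sig, $sentAt + 10],
    'tampered body'       => [SHARED_SECRET, str_replace('42', '1', $body), $sig, $sentAt + 10],
    'sender lacks secret' => ['some-other-secret', $body, $sig, $sentAt + 10],
    'replayed after 1 h'  => [SHARED_SECRET, $body, $sig, $sentAt + 3600],
];
foreach ($cases as $label => $args) {
    [$secret, $receivedBody, $receivedSig, $clock] = $args;
    $ok = verify_request($secret, 'POST', $path, $receivedBody, $sentAt, $receivedSig, $clock);
    echo str_pad($label, 22) . ($ok ? 'accepted' : 'rejected') . PHP_EOL;
}
```

Because only the signature and timestamp travel with the request, the secret itself never appears in URLs, access logs or proxies; the connection between the servers should still use HTTPS.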

Other tips

If you have sessions stored in a centralized data store like memcached, then your servers would share the same sessions if they are accessed from the same domain. PHP supports storing sessions in memcached, so you just need to configure it (session.save_handler) to do so. Then all your session code would still work as is, but your sessions would be shared across servers.

Use a crossdomain.xml file to specify which domains are able to make requests. Requests from other domains will be denied.

License: CC-BY-SA with attribution
Not affiliated with StackOverflow