Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Oct 2008
    Posts
    16
    Thanks
    1
    Thanked 0 Times in 0 Posts

    fsockopen 127.0.0.1 or SSL

    Which is more secure when POSTing to a script on the same server but on different subdomains?

    PHP Code:
    $fp fsockopen('ssl://www.mysite.com'443); 
    or
    PHP Code:
    $fp fsockopen('127.0.0.1'80); 
    I am thinking the later because no data is going over the Internet???

    I'm on a Windows box. I tried moving the script, that's being POSTed to, out of the web root for security but I could not figure out how to specify the path. Is this even possible?

    Is fsockopen the best way to do this or should I use something else since both scripts are on localhost?

    Thanks ,

    Jeff
    Last edited by jeffshead; 08-13-2012 at 04:57 PM.

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Retaining on localhost makes the most sense to me security wise, as it will loopback at the local level instead. Subdomains should be alright to use as well, so long as the localhost knows what to do with it once received, or a more specific path is targeted.

    If you need to post it, then sockets or curl are really your only feasible options. You can't move it above the web root if it needs posting (as it must be handled by the http in order to parse it). If I get a chance, I can try testing with a stream wrapper to see if I can override that to treat it as a parsed file above directory root, in which case you are effectively issuing POST headers to a file run with fopen. Not sure offhand if its doable though.

  • Users who have thanked Fou-Lu for this post:

    jeffshead (08-13-2012)

  • #3
    New Coder
    Join Date
    Oct 2008
    Posts
    16
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Fou-Lu, thanks!

    That's what I thought but I know very little about PHP. Just wanted a second, third or fourth opinion


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •