
I plan to send some data from server A to server B via curl. I'm a little worried about a situation where an attacker (server C) pretends to be server A:

A->B : Hello, I am server A;
C->B : Hello, I am server A;

How does server B know who is server A or which data is from server A?

I'm a newbie in PHP. I really appreciate any help.

user3828771

1 Answer


You can use $_SERVER['REMOTE_ADDR'] to get the client IP.

Just get server A's IP address, and on server B, check that $_SERVER['REMOTE_ADDR'] equals server A's IP.

Though if server C is on the same subnetwork as server A, then it will have the same address.

In this case, you can have A send a key to server B, and B verify it.

For instance : A ==== data='blabla' ==== key='654zd87zda32z1d68zad7' ===> B

And on B side, check that key is equal to 654zd87zda32z1d68zad7. You can change this key periodically to raise security (and / or have a more complex key).

On node.js it's pretty straightforward as well: to get the client IP (using express), use req.ip.

Loïc
  • I'm afraid that server C may know the IP address too. Is IP address verification secure enough? Do I need to send an encrypted key instead? – user3828771 Jul 20 '14 at 18:26
  • You can do both for maximum security. Though an IP is supposed to be unique and one can't tamper with its IP address (for instance, you can change your MAC address). – Loïc Jul 20 '14 at 19:09
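
The key check described in the answer above, as an added example that is not part of the original post. It goes one step further than sending the key itself: server A sends an HMAC computed with the shared key over a timestamp and the body, so server B can also detect altered or replayed requests. SHARED_KEY, MAX_SKEW, the signed layout and both function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post. SHARED_KEY, MAX_SKEW and
// both function names are hypothetical; the sample values are constructed.
const SHARED_KEY = 'constructed-demo-key-change-me'; // placeholder, load from config in practice
const MAX_SKEW   = 300;                              // seconds a signed request stays valid

// Server A: sign timestamp + body, so the key itself never travels.
function sign_request(string $body, int $timestamp, string $key): string
{
    return hash_hmac('sha256', $timestamp . "\n" . $body, $key);
}

// Server B: reject stale requests, recompute the MAC, compare in constant time.
function verify_request(string $body, int $timestamp, string $mac, string $key, int $now): bool
{
    if (abs($now - $timestamp) > MAX_SKEW) {
        return false; // too old or future-dated: a captured request cannot be replayed later
    }
    $expected = sign_request($body, $timestamp, $key);
    return hash_equals($expected, $mac); // avoids the timing leak of == on secrets
}

// Constructed sample exchange, runnable from the CLI with `php file.php`.
$now  = time();
$body = 'data=blabla';
$mac  = sign_request($body, $now, SHARED_KEY);

// Genuine request from server A.
var_dump(verify_request($body, $now, $mac, SHARED_KEY, $now));

// Same MAC, but the body was changed in transit.
var_dump(verify_request('data=changed', $now, $mac, SHARED_KEY, $now));

// Server C signing with a key it guessed.
$forged = sign_request($body, $now, 'guessed-key');
var_dump(verify_request($body, $now, $forged, SHARED_KEY, $now));

// A correctly signed request presented an hour after it was made.
$old    = $now - 3600;
$oldMac = sign_request($body, $old, SHARED_KEY);
var_dump(verify_request($body, $old, $oldMac, SHARED_KEY, $now));
```

On server B the body would come from the request (for example `file_get_contents('php://input')`) and the timestamp and MAC from request headers whose names you choose. Sending the request over HTTPS additionally keeps the data itself from being read in transit.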