0

I'm looking for a secure way of including a file from one of my servers to another.

Any help or snippets would be amazing.

Thanks :)

EDIT: I need to the file to perform things, so "get_file_contents" wouldn't do me much good. Thanks

  • 1
    That's going to have *awful* performance. Why do you want to do it? – lonesomeday Mar 02 '11 at 19:57
  • why not take a copy of the file instead –  Mar 02 '11 at 19:59
  • 1
    If the servers are within the same subnet/firewall zone, something like a shared NFS directory would be far better than trying to fetch the file via http or ftp or whatever. – Marc B Mar 02 '11 at 20:00
  • I need my members to be able to "include" the page onto their own sites. But Javascript wouldn't work because part of the script helps remove proxies (and most proxies remove Javascript). –  Mar 02 '11 at 20:02

6 Answers6

3

Don't do it. It's a huge performance and reliability drawback (your site starts depending on the availability of two servers instead of just one).

If you really need this, passing a secret token in the include might be one idea to make it half-way secure.

Pekka
  • 442,112
  • 142
  • 972
  • 1,088
  • Is there prehaps a better way of doing this then? I can't do it in Javascript (for it's reasons). –  Mar 02 '11 at 20:00
  • @Alex except for a caching mechanism that fetches the remote file only every x minutes (you could use `filemtime()` for that) not that I know of, no. What exactly does your script do? – Pekka Mar 02 '11 at 20:11
2

To keep from having (possibly) very bad performance issues related to retrieving a file from a remote server during execution, I would recommend you retrieve the required files once a day and cache them locally.

You can simply setup a cron job and use scp to copy it from the remote server

Patrick
  • 3,142
  • 4
  • 31
  • 46
2

The secure way?

Don't do it. If you control both servers, put the same content on both and slave them together with periodic rsync or something.

Lightness Races in Orbit
  • 378,754
  • 76
  • 643
  • 1,055
1

You can use curl. 

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $your_page);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($curl, CURLOPT_CAINFO, $your_certificate);
curl_exec($curl);
curl_close($curl);

See: http://www.php.net/manual/en/function.curl-setopt.php

tara
  • 11
  • 1
0

You could use eval(file_get_contents(...));, but that screams bad idea.

Is there any reason you can't host the executable files on the same server, or commit the files to the server to be executed?

zzzzBov
  • 174,988
  • 54
  • 320
  • 367
0

The better solution would be to build a webservice or something of the like that could be "talked to" by other people's sites. This way, they're not "slurping" your code, causing awful performance and possibly security issues.

But, it's not always realistic to expect others to be able to build code that can talk to a webservice.....SO:

That being said, my company offers clients "webforms" for their websites....essentially a simple form page that's auto generated and "talks to" our application. Users go to our client's websites, enter information into the form hosted on our site (but embedded in theirs) and post data to our application when they hit submit. We opted to go with iFrames (YUCK!) to make it work because most of our clients are dealing with either straight HTML or .net based servers while we work in PHP. It's not ideal, but it works well. And, we know no matter who is running it, 3 lines of code gets their webform online. Most people can handle that. You'll see similar solutions employed by industry leaders such as SurveyGizmo, etc.

bpeterson76
  • 12,918
  • 5
  • 49
  • 82