1
votes

I have created two CakePHP applications on two different servers.

Application A needs to send an array of data to application B via POST using curl:

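$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://example.com/application_B");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return the response instead of printing it
curl_setopt($ch, CURLOPT_HEADER, false);        // leave response headers out of the output
curl_setopt($ch, CURLOPT_POST, true);           // CURLOPT_POST is a boolean switch, not a field count
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);    // $data is the array to send
$output = curl_exec($ch);
curl_close($ch);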

What is the best practice to make sure application B won't accept any request other than requests coming from application A?
Is checking the IP address enough? Or does CakePHP have a built-in method to do so?

PS: I know HttpSocket is better than cURL in CakePHP, but my application A uses CakePHP 1.1 (not my will).

2

2 Answers

3
votes

There are several ways of doing this. Cake doesn't provide any, only auth adapters to check for certain auth systems.

First use an HTTPS connection between the apps. Disable HTTP for the API.

You can use a stateless auth using user/pass and a token. Request a token by sending user/pass and get a time limited token back that is bound to the IP that requested it as well. Your auth adapters will deal with the requests.

Or simply go straight for OAuth.

1
votes

As burzum said, there are many ways. A very very simple way would be to have the key string value on both applications. Hash the post data with this key on Application A and pass the hash value along with your data array. Then hash the data (without the hash value) again on Application B. Compare the two hashes. If the hash values are the same then the data are correct.
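
The shared-key check described in the answer above, written out as an added example (not code from either answer). It swaps the plain keyed hash for HMAC-SHA256 with a constant-time comparison, and goes one step further by signing a timestamp so that a captured request stops verifying after a few minutes. The key, the `ts` and `signature` field names and the 300-second window are assumptions, and the code assumes PHP 7 or later.

```php
<?php
// Added example: shared-secret request signing between two applications.
// The key, field names and 300-second window are constructed for illustration.
const SHARED_KEY = 'replace-with-a-long-random-secret';

// Build a stable string from the fields so both sides hash identical bytes.
function canonicalize(array $data): string
{
    ksort($data);
    return http_build_query($data);
}

// Application A: add a timestamp and the HMAC before POSTing the array.
function sign_request(array $data, string $key, int $now): array
{
    unset($data['signature']);
    $data['ts'] = $now;
    $data['signature'] = hash_hmac('sha256', canonicalize($data), $key);
    return $data;
}

// Application B: recompute the HMAC over everything except the signature.
function verify_request(array $post, string $key, int $now, int $maxAge = 300): bool
{
    if (!isset($post['signature'], $post['ts']) || !is_string($post['signature'])) {
        return false;
    }
    $received = $post['signature'];
    unset($post['signature']);
    if (abs($now - (int) $post['ts']) > $maxAge) {
        return false; // stale or replayed request
    }
    $expected = hash_hmac('sha256', canonicalize($post), $key);
    return hash_equals($expected, $received); // constant-time comparison
}

// Constructed sample payload.
$signed = sign_request(['order_id' => '42', 'amount' => '19.90'], SHARED_KEY, time());
var_dump(verify_request($signed, SHARED_KEY, time()));   // untouched request

$tampered = $signed;
$tampered['amount'] = '0.01';
var_dump(verify_request($tampered, SHARED_KEY, time())); // field changed after signing
```

The signature proves that the sender holds the key and that the fields were not altered; it does not hide the data, so it still belongs on top of the HTTPS connection recommended in the first answer.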