Posted by Andy Hassall on 10/04/06 00:35

On 3 Oct 2006 15:58:35 -0700, "runner7" <runner7@fastmail.fm> wrote:

>Andy Hassall wrote:
>> When you've got one server communicating to another, then one of the servers
>> is just a client, so all the usual secure client-server methods are available:
>> https, ssh, etc.
>
>Would it be safe to assume, then, that I could do the following with a
>SOAP kit such as NuSOAP and expect secure communications as long as the
>server subdomain is properly set up with an SSL certificate? In other
>words, all I have done is add "s" to the scheme:
>
>$client = new soapclient('https://sub.domain.com/soap_app.php');

Yes, that'd get you at least SSL encryption for the communication.

>Is anything else needed? Which software is actually handling the
>client-side aspects of the secure connection: the web server, the
>operating system, NuSOAP, or PHP runtime?

The PHP runtime. PHP can act as an HTTP, HTTPS and FTP client (and more):
http://uk.php.net/manual/en/wrappers.php

There is also an interface to the cURL library which implements many
protocols, and offers more options in some areas than PHP's built in support:
http://uk2.php.net/curl

I don't know which one NuSOAP uses, but I would expect that it'd be
configurable and probably use PHP's native support by default with the option
to use cURL.

HTTPS gets you two things; encryption for the traffic to avoid eavesdropping,
and verification of the identity of the site through the certificate to avoid
impostor sites. Encryption may well be enough for you; but if you want to also
verify the certificate, then cURL does this by default (see the
CURLOPT_SSL_VERIFYPEER option), and the PHP HTTPS client doesn't but has an
option for it (see verify_peer at the bottom of
http://uk2.php.net/manual/en/transports.php#transports.inet and then backtrack
through the page to find how to set it).

--
Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool

• Next in forum: Re: Varaible Syntax
• Prev in forum: Re: secure server-to-server transmissions
• Thread view: Re: secure server-to-server transmissions

[Reply to this message]