curl-and-php
Re: Php cURL Security
Date: Wed, 17 Nov 2010 20:30:12 +0530
Hi Charbel,
When people talk about using https, it is in the following two ways:
1. The server which is initiating curl should also be on https.
2. The server which you are calling through curl is also https.
The first very basic step would be to enable SSL on both of these servers. This
you can do by purchasing an SSL certificate from any SSL provider like
VeriSign etc., or you can generate self-signed certificates on your
server. The former will cost you good money; the latter would be
kind of free, however you will have to use the proper functions of curl to
work it out, as it will throw an error because it is non-standard.
After you have installed the certificate, you can call with the same code
which you have written, adding two more lines as shown at the end:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "URL");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $String);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSLCERT, 'path to the certificate on the calling server');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'password of the ssl certificate if any');
$result = curl_exec($ch);
These two lines will prevent others from seeing the data you are sending.
Thanks,
On Wed, Nov 17, 2010 at 10:50 AM, Charbel Zeaiter
<shadow_meld_at_hotmail.com> wrote:
> Hi
>
> I need help.
> I have been looking all over the Internet and posting questions in forums,
> but so far I have just been confused and lost due to conflicting posts and
> poor documentation.
>
> I am using cURL as a php extension in order to post sensitive data to a
> server. My question is, how secure is this, can anyone intercept, read or
> change the data in transmission?
> On some posts people have told me to use https, but I have no idea how to
> do this or where to start. I realize I might need to use SSL certificates
> but I am unsure of many things.
>
> Is it as simple as posting the data to an HTTPS URL "https://www.....", or
> using the curl set options:
>
> curl_setopt - CURLOPT_SSLCERT
> OR
> curl_setopt - CURLOPT_SSLCERTPASSWD
>
> ?
>
> So far my request consists of:
>
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_URL, "URL");
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
> curl_setopt($ch, CURLOPT_HEADER, false);
> curl_setopt($ch, CURLOPT_POST, TRUE);
> curl_setopt($ch, CURLOPT_POSTFIELDS, $String);
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
>
>
> Any advice will be greatly appreciated. Thank you.
>
> _______________________________________________
> http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
>
>
-- _Deepesh
Received on 2010-11-17
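
Added example, not part of the original thread and not written by either poster: the same POST with certificate verification switched on. In libcurl the encryption and the proof that you reached the right server come from an https:// URL with CURLOPT_SSL_VERIFYPEER enabled and CURLOPT_SSL_VERIFYHOST set to 2; CURLOPT_CAINFO lets a self-signed or private-CA server certificate pass that check, while CURLOPT_SSLCERT only presents a client certificate to servers that ask for one. The function name secure_post(), the URL, the field values and the CA path are hypothetical.

```php
<?php
// Added example (hypothetical helper, not code from the thread).
function secure_post(string $url, array $fields, ?string $caFile = null,
                     ?string $clientCert = null, ?string $clientCertPass = null): string
{
    // Refuse anything that is not https:// before any data leaves the host.
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('Refusing to POST over a non-HTTPS URL');
    }

    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // no fallback to plain HTTP
        CURLOPT_FOLLOWLOCATION => false,           // do not re-send the body elsewhere
        CURLOPT_SSL_VERIFYPEER => true,            // validate the server certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,               // certificate name must match the URL host
        CURLOPT_HEADER         => false,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
    ]);

    // Self-signed or private-CA server: trust that certificate or CA explicitly
    // instead of turning verification off.
    if ($caFile !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $caFile);
    }
    // Optional client certificate, only when the server requests one.
    if ($clientCert !== null) {
        curl_setopt($ch, CURLOPT_SSLCERT, $clientCert);
        if ($clientCertPass !== null) {
            curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $clientCertPass);
        }
    }

    $result = curl_exec($ch);
    if ($result === false) {
        // Verification failures surface here rather than being ignored.
        throw new RuntimeException('cURL error ' . curl_errno($ch) . ': ' . curl_error($ch));
    }
    return $result;
}

// Constructed usage: placeholder host, field and CA path.
try {
    echo secure_post('https://api.example.test/submit', ['token' => 'sample'], '/path/to/private-ca.pem');
} catch (Exception $e) {
    error_log($e->getMessage());
}
```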