Jump to content

Secure HTTP


Ortho Vargas
 Share

You are about to reply to a thread that has been inactive for 4035 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

I am implementing some communications back and forth between LSL and PHP.   reading various forum threads has taught me a few things that make it "more" secure.  My question is this.   Is passing data from LSL -> PHP any more "secure" using POST than just putting the variables in the url (using GET) ?  Maybe the use of https  (or the lack thereof) influences the answer to my question.

thanks in advance.  

Link to comment
Share on other sites

I just stick to post and use this on the lsl comm pages:

 

<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');if ( ! function_exists('gethostbyaddr_timeout')){    function gethostbyaddr_timeout($ip,$timeout=2)    {    	$host=`host -W $timeout $ip`;	    	if(preg_match('`in-addr.arpa domain name pointer (.*)\.\n$`i',$host,$matches))    	{    		$host=$matches[1];    	} else {    		$host=$ip;    	}    	return $host;    }}if ( ! function_exists('secondlife_access')){    function secondlife_access($baseURL)    {        $dom = gethostbyaddr_timeout($baseURL);        $ip = gethostbyname($dom);        if(!preg_match('`^.*\.lindenlab\.com$`',$dom) || $ip!=$_SERVER['REMOTE_ADDR'])        {        	print '<center>No outworld access allowed</center>';        	exit();        }    }}

 Then call the function in the script:

public function __construct()    {        parent::__construct();        secondlife_access($_SERVER['REMOTE_ADDR']);    }}

 Ofcourse comment the line out while testing as i also say the url in chat so i can debug it faster :)

Link to comment
Share on other sites

so the question is....   is there anything more to do in the lsl script other than use https://www.   instead of http://www   ?   ...   ok upon further testing...   [HTTP_VERIFY_CERT, FALSE]   allows it to work.   that probably means the shared hosting site I'm using for testing (their cert not mine)  isn't quite good enough for HTTP_VERIFY_CERT to be happy.

Link to comment
Share on other sites

You are about to reply to a thread that has been inactive for 4035 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...