所以,如果以前问过这个问题,我很抱歉。 我不确定要搜索什么。
介绍:
我现在维护的所有域都托管在我的服务器上,所以我还没有遇到过这个问题。
我创建了一个类似于WordPress的结构,用于上传和编辑图像。
我会定期创建功能更改并将其上传到单个文件夹。 当用户登录时,内容会自动下载到其文件夹中。
我想做什么:
现在,假设我的用户没有托管在我的服务器上。 我不能使用copy(),但有没有一种安全可靠的方法来回显每个php文件的内容(显然,我可以回应)到用户服务器上的另一个文件?
例如:
目前我可以从jasonleodurbin.com复制到geodun.com(同一服务器),但是我想将jasonleodurbin.com/test.php复制到somedomain.com/test.php。
我有一些想法,比如给每个用户一个私钥,并将其发送到echo.php这样的文件。 echo.php将获取每个文件的内容(最近已经修改过)并将其回显到屏幕上。 请求服务器将获取该内容并将其复制到其各自的.php文件中。
我假设我可以通过GET发送密钥,但由于我从未涉及任何事物的安全隐患(我是业余爱好者),我不知道这有多安全。
有人可以寄给我任何建议或指示吗?
我很感激帮助!
So, if this question has been asked before, I'm sorry. I'm not exactly sure what to search for.
Introduction:
All the domains I maintain now are hosted on my server, so I have not ran into this problem yet.
I have created a structure, similar to WordPress, for uploading and editing images.
I regularly create changes in the functions and upload them to a single folder. When the user logs in, the contents are automatically downloaded into their folder.
What I am wanting to do:
Now, say I have a user that is not hosted on my server. I cannot use copy(), but is there a safe and secure way to echo the contents of each php file (obviously, I can echo) into another file on the users server?
For example:
Currently I can copy from jasonleodurbin.com to geodun.com (same server), but say I want to copy jasonleodurbin.com/test.php to somedomain.com/test.php.
I had some thoughts like give each user a private key and send that to a file like echo.php. echo.php will grab the contents of every file (that has been modified recently) and echo that to the screen. The requesting server would take that content and copy that into it's respective .php file.
I assume I could send the key through GET, but since I have never dabbled into the security implications of anything (I am a hobbyist), I don't know how secure this is.
Are there any suggestions or directions that someone could send me?
I appreciate the help!
最满意答案
我假设这是敏感数据。 如果是这种情况,那么我建议使用PGP密钥加密文件。 无论哪种方式,您都需要一种方法将文件从服务器发送到他们的服务器。 我不记得我是怎么做到的,但我曾经把加密数据文件从我们的远程服务器发送到内部服务器。 我们使用PGP密钥一到家就加密和解密。 至于我们用来通过网络发送文件的方法,我相信我们使用了SCP(您需要在服务器上进行shell访问)。
您可以使用FTP,但如何设置它以便他们只能访问特定目录,这样他们就无法触及任何其他目录。 您需要一个脚本从FTP位置获取文件并将其存储在每个用户的相应目录中?
想到了什么,将文件存储在受保护的文件夹中。 让用户使用curl下载文件。 我相信你可以用curl指定用户名/密码。
I'm assuming this is sensitive data. If that's the case, then I would suggest encrypting the file using PGP keys. Either way, you need a method to send the file from your server to their server. I can't recall how I did it, but I used to send encrypted data file from our remote server to a server in house. We used PGP keys to encrypt and decrypt once it arrived in house. As for the method we used to send the file across the web, I believe we used SCP (you need shell access on the server).
You could use FTP, but how about setting it up so that they only have access to a particular directory so they can't touch anything else. You'll need a script to grab the file from the FTP location and storing it in the appropriate directory per user?
Just thought of something, store the file in a protected folder. Have the user download the file using curl. I believe you can specify username/password with curl.
更多推荐
发布评论