On 3 Oct 2006 15:58:35 -0700, "runner7" <ru*****@fastmail.fmwrote:
>Andy Hassall wrote:
> When you've got one server communicating to another, then one of the servers
is just a client, so all the usual secure client-server methods are available:
https, ssh, etc.
Would it be safe to assume, then, that I could do the following with a
SOAP kit such as NuSOAP and expect secure communications as long as the
server subdomain is properly set up with an SSL certificate? In other
words, all I have done is add "s" to the scheme:
$client = new soapclient('https://sub.domain.com/soap_app.php');
Yes, that'd get you at least SSL encryption for the communication.
>Is anything else needed? Which software is actually handling the
client-side aspects of the secure connection: the web server, the
operating system, NuSOAP, or PHP runtime?
The PHP runtime. PHP can act as an HTTP, HTTPS and FTP client (and more):
http://uk.php.net/manual/en/wrappers.php
There is also an interface to the cURL library which implements many
protocols, and offers more options in some areas than PHP's built in support:
http://uk2.php.net/curl
I don't know which one NuSOAP uses, but I would expect that it'd be
configurable and probably use PHP's native support by default with the option
to use cURL.
HTTPS gets you two things; encryption for the traffic to avoid eavesdropping,
and verification of the identity of the site through the certificate to avoid
impostor sites. Encryption may well be enough for you; but if you want to also
verify the certificate, then cURL does this by default (see the
CURLOPT_SSL_VERIFYPEER option), and the PHP HTTPS client doesn't but has an
option for it (see verify_peer at the bottom of
http://uk2.php.net/manual/en/transpo...ransports.inet and then backtrack
through the page to find how to set it).
--
Andy Hassall ::
an**@andyh.co.uk ::
http://www.andyh.co.uk http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
