SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Zealot
    Join Date
    Jul 2011
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Advice on sending/receiving form between two sites

    Hello,

    I'm planning to send a form available on "websiteSend" to "websiteReceive". websiteSend and websiteReceive are two separate domains. No SSL.

    I'd like to get a few advice on what I should take care of to make sure it works, and what security holes I should protect against.

    Here are a few thoughts:

    -form on websiteSend should have a hidden field that is going to be used by websiteReceive to redirect the user.
    -form on websiteSend should have a hidden field that tells websiteReceive from where the form has been sent (what would be the appropriate $_SERVER variable that I should match it against?).
    -websiteReceive should obviously thoroughly validate data before processing it.

    I'm obviously many some key points, so please tell me what to do to secure my application.

    Cheers.

    rh

  2. #2
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would really do it by using cURL post. To do this just submit the form in SendServer domain itself and do sending stuffs right from there. So that you can send an hidden field by yourself in the code as hard coded and no one will know/predict. See some examples of PHP cURL post:
    http://www.askapache.com/php/sending...-php-curl.html (most appropriate for you I guess).
    http://davidwalsh.name/execute-http-post-php-curl
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •