HTTPS accept???

petey · 06-23-2004, 06:53 AM

Forgive me if this question is silly, but we are wanting to B2B transaction with a company that's sending us XML documents.
right now they are FTP'ing the XML documents to our server and we are processing them once they get there.

They want to use HTTPS instead of FTP now so I got my SSL certificate and it's installed on my server. Now they are trying to POST to my server.
Not much help on their end, but it's my understanding that I need to write a CGI or PHP script that accepts their post to our server?

Basically all I want to do is accept the post and place the XML doc in a directory on my FreeBSD server. Is there any examples of code that does this out there or has anyone done this?
OR am I totally off base. Basically they are ready to go and are waiting on me and I'm sitting here scratching my head

I'm Running Apache if it matters

Thanks in advance

SBing · 06-23-2004, 07:06 AM

Does it have to be done via HTTPS? Not SFTP (Secure FTP) or SCP (Secure Copy Protocol)?

I don't know about the whole HTTPS thing; someone should be able to help you there - SFTP or SCP are both viable alternatives - especially if you've been using FTP up till now :)

Steve

linuxxed · 06-23-2004, 07:11 AM

Quote:

Originally posted by petey
Forgive me if this question is silly, but we are wanting to B2B transaction with a company that's sending us XML documents.
right now they are FTP'ing the XML documents to our server and we are processing them once they get there.

They want to use HTTPS instead of FTP now so I got my SSL certificate and it's installed on my server. Now they are trying to POST to my server.
Not much help on their end, but it's my understanding that I need to write a CGI or PHP script that accepts their post to our server?

Basically all I want to do is accept the post and place the XML doc in a directory on my FreeBSD server. Is there any examples of code that does this out there or has anyone done this?
OR am I totally off base. Basically they are ready to go and are waiting on me and I'm sitting here scratching my head

I'm Running Apache if it matters

Thanks in advance

You are confusing two different things here.

Your clients are ftping XML files to your server in an insecure manner. If you want to make it secure you would need to disable ftp and enable sftp (i.e sshd daemon on 22 port and allow protocol 2 only). The client would need to an secure client in order to connect.

HTTPS is a different protocol. If your client wants to do HTTPS post then you would need a socket interface accepting XML which you can write in python, perl, java, C etc etc. Configure stunnel and set up forward to your socket interface. The client can now open a SSL socket to stunnel and send XML strings there which get forwarded to your socket interface. You can choose to do whatever you like there.
Infact you can just grab something from the internet for your socket interface and hack it. There are so many out there.

Another way is to write a cgi script (in Perl or C or python or a servlet) which can take the XML argument passed in the POST and process it. This CGI script will be run by apache. Again there are thousands of such scripts available which you can hack and customise.

The last option may be the easiest for you.

petey · 06-23-2004, 07:20 AM

Thanks for the replies.

Yes HTTPS is the way they want to do it and really it doesn't matter if they were sending me a text document versus an XML file. All I want to do is accept the file they want to put on my server and place it in a directory. From there I already have code that pulls out the required info from the XML document.

So it sounds like I was on track in the fact that I could just have a PHP or CGI script that they post to? Can someone lead me in the right direction to some examples? I haven't been able to find any, or maybe I"m just not searching on the right terms....

By the way, FTP is unsecure and that's why they want to use the HTTPS, but the information they are sending isn't that critical that it needs to be top level secured.....

Thanks

linuxxed · 06-23-2004, 07:25 AM

http://cgiresourceindex.com

http://www.perl.org

http://www.servlets.com

just search on google.

linuxxed · 06-23-2004, 07:30 AM

http://academ.hvcc.edu/~kantopet/php...hp+client+side

http://www.juicystudio.com/tutorial/php/forms.asp

search for "FORM POST php" or "FORM POST perl" etc etc on google.

petey · 06-23-2004, 07:55 AM

Ok,

Thanks..simple form posts?? I didn't think it was that easy? Don't I need to know how they are posting to me to figure out what variables and how they are sending the file though?

This is what's confusing me. Is this like a file_upload form?? SO do I need to use $HTTP_POST_FILES?

Something like this maybe??

<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . $_FILES['userfile']['name'];

print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($_FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
print "</pre>";

?>