Passing secure data from one site to another

tryin_to_learn

A company I'm working for has their site hosted by one company and a secure folder hosted by another company. It's worked for what they've needed so far, however, now they're wanting to pass variables we're obtaining on the non-secure part of the site to the secure folder hosted by a different company. Is there a way to do that?

dotnotwhat

If the variable data you want to pass between sites is sensitive, you'll need to encrypt it. If it's encrypted (and secure site has the decryption key), you can pass the variables within a URL like normal, but nobody will be able to nose.

tryin_to_learn

That sounds like a possibility. I've never done that before -- is that where you buy an SSL certificate? If so, how do those work? Not the encryption part -- but how do you hook them up to your site? Any info would be much appreciated.

dotnotwhat

I'm presuming your 'secure' folder is hosted within a site that already has SSL cert setup and running. I'm presuming this because you call it a secure folder. If this is the case, you don't need to worry about installing SSL certs as you already have that piece of the equation running.

Your normal (non-secure) site can carry on doing what it does. When you've gathered your variable data together, you can add it to a URL that links to the secure site. (e.g. https://www.mysecuresite.com/collectdata.php?mydata=putdatehere). The script on the secure site can extract this data from the URL (using $_GET[]) and use it however it likes. The URL doesn't have to be used as a normal <A HREF=""> link, you could use it in a header() to automatically redirect to secure page.

However, the data encoded within the URL is plain text and can not be presumed to be secure. The SSL on the secure site will encrypt everything between browser and server, but the URLs remain as plain text and readable by anyone. To get round this you can encrypt the data in PHP before you add it to the URL, and decrypt it at the other end.

Hope this helps. If I've got the wrong end of the stick, let me know.

tryin_to_learn

Ok, that makes sense and I guess it might work. Basically we're collecting totals and such on the non-secure site and wanted to redirect people to a checkout page on the secure site and have people enter the sensitive data there. So I guess it really wouldn't matter if the totally were transmitted in the URL. I haven't been able to get a form action to the secure site to work, but I have another email into their tech support. Hopefully it's just an issue of not knowing the right URL for the form action or something.

MarkR

If you need to pass data in a way which is not susceptible to unauthorised user modification, you'll have to find a more intelligent solution than passing it in a query string or hidden field. Both of these can be trivially modified by the user.

Possible options are:

Put it in a hidden field / query string, but digitally sign it, checking the signature to detect unauthorised modification (A number of PSPs do this)
Make a server-server POST with the data, passing some authentication information through to ensure it's genuine. When you receive the response, this should contain a unique unguessable value, which can then be put in the query string or hidden field. If the user modifies this value, it causes the app to break without any security risk, as it won't be valid. Some PSPs use this approach too.

Mark