I am using the PHP5 SOAP extension for communication between two PHP endpoints. Right now I am trying to figure out a way to encrypt the SOAP messages to guarantee some basic confidentiality. The method used does not have to comply to any of the standard security frameworks, just have to be transparent to the rest of the php system. I've already established a way to encrypt and decrypt the messages (using mcrypt) and distributing public keys (using gnupg). Next thing is to actually encrypt and decrypt the messages. I am thinking along the lines of intercepting the soap requests and responses (maybe using __doRequest?) and using the DOM (or SimpleXML?)to cipher the message but wondering about an easier way to implement confidentiality. Has anybody done something like this already? Any comments on my idea would also be really appreciated. Marcus -- PHP Soap Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
