Hi Marcus,
Marcus Klein wrote:
I am using the PHP5 SOAP extension for communication between two PHP
endpoints.
Right now I am trying to figure out a way to encrypt the SOAP messages to
guarantee some basic confidentiality. The method used does not have to
comply to any of the standard security frameworks, just have to be
transparent to the rest of the php system.
I've already established a way to encrypt and decrypt the messages (using
mcrypt) and distributing public keys (using gnupg). Next thing is to
actually encrypt and decrypt the messages. I am thinking along the lines of
intercepting the soap requests and responses (maybe using __doRequest?) and
using the DOM (or SimpleXML?)to cipher the message but wondering about an
easier way to implement confidentiality.
Has anybody done something like this already? Any comments on my idea would
also be really appreciated.
If you don't have to consider any other external application you can
easily encrypt the actual soap request / response by manipulating the
HTTP_RAW_POST_DATA to decrypt and catch the output with output buffering
functions (ob_*) and encrypt them before you flush.
Kind regards,
David
--
PHP Soap Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
