> The alternative would be to put a great big huge string block in your
> message and use this to pass PGP-encrypted information. This isn't as
> painless or sensible as the SSL option, but again it's well supported by
> PHP, and by most programming environments.
I've done something along those lines. I am trying to implement it without
https because I'd like to have more control about what is encrypted and what
not.
This is a simplified version of the code.
Extending SoapClient::_doRequest() the Client.php:
class LocalSoapClient extends SoapClient {
function __doRequest($request, $location, $action, $version) {
$request = mcrypt_generic ($td, $request);
return parent::__doRequest($request, $location, $action, $version);
}
}
Extending SoapServer::handle() in server.php:
class LocalSoapServer extends SoapServer {
function handle() {
$request = myDecrypt($td, $GLOBALS["HTTP_RAW_POST_DATA"]);
return parent::handle($request);
}
}
It does work that way but a few new questions came up:
- Is there another way to get access to the request besides using
http_raw_post_data? To be honest, I am not so sure what exactly happens to
all those responses and requests going in and out of the functions...
- How can I encrypt the response?
Right now only the request from the client to the server is encrypted. To
secure the response I have to manipulate it.
>From the manual about handle(): Processes a SOAP request, calls necessary
functions, and sends a response back.
Is there a way to intercept that response and alter it?
- Once back at the client it has to be decrypted as well. How can I
intercept the response on the client side? Using __getLastResponse() should
not work since it would be processed by then already.
SoapClient::__SoapCall() maybe?
- I've had to base64_encode and decode the request in order to get a valid
response from the server. Does anybody know why?
(Mixed some email adds, hope this one does not brake the thread)
--
Telefonieren Sie schon oder sparen Sie noch?
NEU: GMX Phone_Flat http://www.gmx.net/de/go/telefonie
--
PHP Soap Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
