is HTTPS/SSL not an option? sounds like you're over engineering a
problem that has been solved already.
Marcus Klein wrote:
I am using the PHP5 SOAP extension for communication between two PHP
endpoints.
Right now I am trying to figure out a way to encrypt the SOAP messages to
guarantee some basic confidentiality. The method used does not have to
comply to any of the standard security frameworks, just have to be
transparent to the rest of the php system.
I've already established a way to encrypt and decrypt the messages (using
mcrypt) and distributing public keys (using gnupg). Next thing is to
actually encrypt and decrypt the messages. I am thinking along the lines of
intercepting the soap requests and responses (maybe using __doRequest?) and
using the DOM (or SimpleXML?)to cipher the message but wondering about an
easier way to implement confidentiality.
Has anybody done something like this already? Any comments on my idea would
also be really appreciated.
Marcus
--
PHP Soap Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
