Hello,

I'm working on a project in GWT; however, I need to store the uploaded files on my personal web server.

The user will upload the files using GWT, my back end will store the files' information in AppEngine's database and send the file to the server.

I'm thinking of creating a PHP script on the web server that will handle the files coming from GWT and send the files as needed.

Also, I'm planning on validating the IP address of the request.

My concerns are:

  1. Is validating the IP address from which the request came good enough to ensure no one misuses the PHP script?
  2. How can GWT's server send the file to PHP?
  3. Is there a better way to do this?

Thanks in advance

+1  A: 

The IP address can be verified using PHP's $_SERVER['REMOTE_ADDR']. This variable is pulled from Apache's TCP socket and it cannot be easily spoofed. I personally have dug through the code to verify this.

However, if the communication comes from the Wi-Fi at a local cafe then you might have a problem. An attacker on the network can sniff the connection and you are sharing your IP address with them.

The very secure method of protecting against this cafe scenario is using SSL. HTTPS is easy to set up, but make sure you buy a real certificate, which should run you about $30 a year.

Rook
Well, the files can be highly sensitive so using a secure connection is a must. So there's no low-level hack that allows the attacker to change the IP address of the request? I think I'm just being paranoid here.
Leo Jweda
If it's communication between internal servers, I think a certificate issued by http://www.cacert.org/ should be more than enough (provided that you can add cacert to known CAs on both servers - for minimum headache during the setup of HTTPS).
Igor Klimer
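
A sketch of the receiving PHP script discussed in this thread, as an added example that is not part of the original posts: it accepts an upload only over HTTPS and only when the TCP peer address in $_SERVER['REMOTE_ADDR'] is on an allowlist. The allowlisted address, the form field name "file", the uploads directory and the function name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. The allowlist entry, the form
// field "file" and the existing "uploads" directory are assumptions.
const ALLOWED_SENDERS = ['203.0.113.10']; // constructed documentation address

/** Decide from the $_SERVER array alone whether a request may upload. */
function upload_allowed(array $server): bool
{
    // Require HTTPS so the file is not readable by someone sniffing the link.
    $https = strtolower((string)($server['HTTPS'] ?? 'off'));
    if ($https === '' || $https === 'off') {
        return false;
    }
    // REMOTE_ADDR is the TCP peer address. Client-supplied headers such as
    // X-Forwarded-For are deliberately never consulted.
    $peer = (string)($server['REMOTE_ADDR'] ?? '');
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    return in_array($peer, ALLOWED_SENDERS, true);
}

// Run from the command line to exercise each branch on constructed requests.
if (PHP_SAPI === 'cli') {
    $cases = [
        'allowed peer over HTTPS'  => ['HTTPS' => 'on', 'REMOTE_ADDR' => '203.0.113.10'],
        'allowed peer, plain HTTP' => ['REMOTE_ADDR' => '203.0.113.10'],
        'forged header only'       => ['HTTPS' => 'on', 'REMOTE_ADDR' => '198.51.100.7',
                                       'HTTP_X_FORWARDED_FOR' => '203.0.113.10'],
    ];
    foreach ($cases as $label => $server) {
        printf("%-26s %s\n", $label, upload_allowed($server) ? 'accept' : 'reject');
    }
    exit(0);
}

if (!upload_allowed($_SERVER)) {
    http_response_code(403);
    exit;
}
if (!isset($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
    http_response_code(400);
    exit;
}
// Store under a server-chosen random name, never the client-supplied one.
$dest = __DIR__ . '/uploads/' . bin2hex(random_bytes(16));
http_response_code(move_uploaded_file($_FILES['file']['tmp_name'], $dest) ? 201 : 500);
```

Run from the command line, the script prints accept for the first constructed request and reject for the other two.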