tags:

views:

404

answers:

5
+1  Q: 

Safe JavasScript that calls PHP script that calls external web service

I have a PHP page that needs to make a call to a external web service. This Web service call takes a bunch of sensitive data from a html form on the PHP page, e.g. SSN, and returns info related to that person.

The problem is that the web service call should be made as soon as the customer fills in the SSN field and the field loses focus, so the page cannot be reloaded in any way. I was thinking about using jQuery to make a call to the web service, but AJAX unfortunately requires that you are on the same domain as the requested resource. So I'm thinking about creating an local PHP page that makes the call to the web service and then use JQuery to call this new page.

Questions:

  1. How do I use JQuery to call the local PHP script that makes the call to the web service?

  2. Because the JQuery code will take sensitive data from a html form and send it to the PHP script, how can I encrypt the data?

+1  A: 

1) $.get("myscript.php", function(response) { alert(response) });

2) I wouldn't encrypt using jQuery, it would be slow and easy to decrypt. Enabling SSL on the server would be a better solution.

karim79  2009-03-25 13:20:16
A: 

1: Ajax request example: 

$.ajax(
{
       type: "GET",
       url: "http://yourdomain.com/yourpage.php",
       success: function (msg) { //does something }
});

More details here

2: php XOR is a pretty good encryption algorithm, I use it myself for a project with sensitive data. you can find the function here.

Enjoy! :)

Bogdan Constantinescu  2009-03-25 13:21:10
XOR encrypt would require the passkey to be client-side as well, so it's not that secure. Stronger encryption methods are asymmetric.
Seb  2009-03-25 13:23:17
Some data can be encrypted while first page(the one with the form) executes (if the data is not wrote by the user)
Bogdan Constantinescu  2009-03-25 13:26:03
+1  A: 

To call your PHP file:

var url = "http://localhost/data.php";
var params = {
  "SSN" : theSSN
};
$.get(url, params, function (){
  // Do whatever you need here, once the data arrives.
});

To call the external webservice from PHP, I'd suggest using cURL.

To encrypt, I'd suggest using the HTTPS protocol instead of encrypting manually from JavaScript.

Seb  2009-03-25 13:21:48
In the PHP script, how do I return data so that it is received by the jquery call? I've tried echo and return, but doesn't work.
AquinasTub  2009-03-25 15:04:58
A nice way to do it is to echo some JSON data. But you'll need to use $.getJSON instead of $.get. Look at the json_encode PHP function; it will convert your PHP data into JS format for further reading in JS world. That's what I do almost always :)
Seb  2009-03-25 16:25:16
A: 

This probably won't help you in particular, but some webservices support something called JSONP, which adds a callback name to a normal JSON request.

However, chances are you will need to make some sort of local proxy, as not many JSONP services exist yet.

R. Bemrose  2009-03-25 13:21:52
A: 

The way to go is enabling SSL on your domain, and doing the xmlHTTPRequest to the https of the remote service

L. Cosio  2009-03-25 14:12:13

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases