Security with HTTPS in InetRead

[longworthbob]

$url = "https://website.com/getdata.php?database=dbasename&user=username&password=password&rowid=number"

$data = InetRead($url,1)

The above works well with a PHP script on the server that GETs the parameters and does a mysql query and returns the appropriate data. I'm just not sure how secure it is. I've scanned the forum and documentation for another way to acheive this, but have missed it. If it does exist, and I'm sure it does, it's bound to be less than this straightforward.

I've used WireShark to snoop the packets and found them to be encrypted. I also used ProcessExplorer to try and find anything going over the command line to ie or any other program and did not find anything.

This is a pretty easy way to get some data out of a remote database if it can be done securely. It has the benefits of not requiring any special libraries or drivers. Any info anyone can provide regarding the pros and cons of this approach would be much appreciated.

[Fire]

Hallo.

Just use encryption;)

See the help file for _StringEncrypt()

or you can use UDF (for example offenly i'm using it ( __STringencrypt() funcsion from SkinnyWhiteGuy (Advantage = You can crypt/decrypt unicode data)

Theris a lot of GREAT encryption UDFS.

Idea in this:

1)just encrypt on fly your data ( if *.ini file changes dynamically)

2)then write to your *.ini file.

3)Final stage:Decrypt it and do https request from your executable.

But keep in mind.At least you need protect your executable from reverse engineering.Use packer,protectors etc.Theris a lot of ways.

BTW client side execution can'not be secured 100%

Cheers.

[ProgAndy]

Yes, when using SSL, the whole HTTP-request is wrapped inside the SSL-connection. That means that everyxthing including the URL is encrpyted.

Edited November 21, 2010 by ProgAndy

[longworthbob]

Thanks to you both, Fire and ProgAndy. I think I know how I will proceed now.