I am writing a program which needs to access data in a web server. I have a decent understanding of network programming in the Linux environment, but I am a bit new to raw HTTP.
I have data in a MySQL database on a web server that is accessed using PHP code that reads and outputs the data, and the PHP code is called via a system of in-url variables through raw HTTP. Question number one: is this a secure way of doing this? Is there a better way? (I am OK with branching to different database types, etc. Security is my top priority).
My other question is how does one go about removing HTTP response data from the raw socket response so that I can read the actual data I wanted to the PHP function? (I also tend to receive a random character or two before and after the web code, I am not sure what that is (not a null termination issue – it's in the middle of valid data).)
Thanks,
Collin Biedenkapp
HTTP security is typically handled with encryption. So as long as you are using HTTP over SSL (HTTPS), then you are secure. If not, it doesn’t matter how the parameters are delivered (in URL or in entity), the transmission is not secure.
The extra characters you are seeing when decoding the HTTP response are most likely chunked encoding. Chunked encoding precedes chunks of data with a hex code that specifies how many bytes are in the chunk. This continues until the chunk hex value is 0. More about it here, but this is also described in the standard, which you are going to have to become familiar with if you are going to be implementing parts of HTTP yourself.
Many HTTP libraries exist. I believe curl is one of the more popular ones.
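The chunk-size lines described in the answer above can be stripped as follows; this is an added example, not code from the original thread. It assumes the whole response has already been read from the socket into one buffer; the function names and the sample response are constructed for illustration.

```python
HEX = b"0123456789abcdefABCDEF"
# Constructed sample: two chunks (5 and 0xb bytes), then the terminating 0 chunk.
SAMPLE = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
          b"5\r\nid=42\r\n" b"b;ext=1\r\n,name=alice\r\n" b"0\r\n\r\n")


def split_response(raw):
    """Split a raw HTTP/1.1 response into (status, headers, body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: end of headers not found")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def decode_chunked(body, max_size=1 << 20):
    """Return the payload with the hex chunk-size lines removed."""
    out, pos = bytearray(), 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        # Anything after ';' on the size line is a chunk extension; skip it.
        field = body[pos:eol].split(b";", 1)[0].strip()
        if not field or any(c not in HEX for c in field):
            raise ValueError("chunk size is not plain hex")
        size, pos = int(field, 16), eol + 2
        if size == 0:
            return bytes(out)  # last chunk; trailers are ignored
        if len(out) + size > max_size:
            raise ValueError("body larger than max_size")
        # Never trust the declared size beyond what is actually in the buffer.
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated or malformed chunk")
        out += body[pos:pos + size]
        pos += size + 2


def extract_body(raw):
    """Strip headers and any chunked framing from a complete response."""
    status, headers, body = split_response(raw)
    if "chunked" in headers.get("transfer-encoding", "").lower():
        return status, decode_chunked(body)
    if "content-length" in headers:
        return status, body[:int(headers["content-length"])]
    return status, body
```

`extract_body(SAMPLE)` returns the status code and the payload `id=42,name=alice` with the `5` and `b` size lines gone.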