When sending a callback to a remote server, is there anything preventing the request and callback password from being read by a malicious party?
Thanks
Securely sending callbacks to remote servers
-
- Site Admin
- Posts: 5880
- Joined: Wed Mar 19, 2008 8:47 pm
Re: Securely sending callbacks to remote servers
The parameters are sent via POST so if your callback code is running on an SSL-enabled server and you specify an HTTPS link then the password is encrypted along with everything else. Even if not, it would require a man-in-the-middle attack. If that were possible then you are already compromised. The password option just keeps random hackers and bots from purposely (or accidentally) executing your callback code.
Re: Securely sending callbacks to remote servers
Okay great, thanks for the quick response.