A Secure Concept Or Not?

[hackalive]

Hi guys,

I have this concept and wanted to know your opinions.

 

So basically there is my web-server offiste and a storage server onsite (two separate locations).

To get the web-server to pull content via PHP from the storage server it communicates using SSL over HTTPS.

 

To make it so not just anyone can get the data via the HTTPS path you would also pair the IPs (so ensure static IPs) and also do some form of token handshake (like oAuth but a custom library).

 

Would this be secure? Or not really?

 

Cheers

[smoseley]

Relatively secure, but in general not a good idea to open up a secure LAN outside via HTTP. 

 

Better idea would be to set up a VPN and configure your remote server to log in to the VPN and access the file server as though it's local. 

 

Though you could also just use a firewall to limit remote connections to your web server's IP address.

[hackalive]

Cant do VPNs as I am allowing others to add their server to mine too.

 

Also note it will be SSL and HTTPS

[smoseley]

Ok, well it should be ok.... I'd still firewall it though.

[hackalive]

so by firewall you mean make sure no incomming or outgoing connections are possible except to the IP of the webserver (do this on the storage server)?

[smoseley]

Yeah, that'll work.