I am trying to develop a way for my customer to send me a curl request to get data from my server. I need this to be pseudo-secure. I would expect my customer to send me something, I authenticate him, and then wait for him to send me a request for data. Something like
curl -O "1.2.3.4/curlRequest.php?username=Joe&password=123456790"
curlRequest.php would verify some credentials. Clearly sending u/p over GET is a terrible idea. Any thoughts on how I can go about this? I am not asking anyone to write code for me; I'm asking more for what procedures I could use to achieve my goal.
My first thought is to send request 1 that would request some string:
curl 1.2.3.4/authCurl.php?userName=Joe
Using this and the fact that this request came from a known server, I can respond with a string:
125tewgkljgetEDtstdkj
Then all future requests must contain that string for the next X minutes:
curl -O 1.2.3.4/curlRequest.php?hash=125tewgkljgetEDtstdkj
Is this a terrible idea? Any other options that you could recommend?
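
The two-step flow described in the question (get a string, then present it for the next X minutes), sketched as an added example that is not part of the original post: the server issues an HMAC-signed token carrying its own expiry, so curlRequest.php can check it without storing anything. The names `TTL_SECONDS`, `issue_token` and `verify_token`, the 10-minute window and the token layout are assumptions made for illustration.

```php
<?php
// Added example: expiring, tamper-evident token for the flow in the post.
// All names and the token layout (user.expiry.nonce.mac) are assumptions.
const TTL_SECONDS = 600;                       // the "X minutes" window

// Step 1 (authCurl.php): call only after the caller has been authenticated.
function issue_token(string $user, string $secret, int $now): string {
    $payload = implode('.', [
        bin2hex($user),                        // hex keeps '.' out of the field
        $now + TTL_SECONDS,                    // absolute expiry, Unix seconds
        bin2hex(random_bytes(16)),             // nonce: every token is unique
    ]);
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// Step 2 (curlRequest.php): returns the user name, or null when the token
// is malformed, forged, or past its expiry.
function verify_token(string $token, string $secret, int $now): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 4) {
        return null;
    }
    [$user, $expiry, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', "$user.$expiry.$nonce", $secret);
    if (!hash_equals($expected, $mac)) {       // constant-time comparison
        return null;
    }
    // The expiry is only trusted after the MAC has been checked.
    if (!ctype_digit($expiry) || (int)$expiry < $now) {
        return null;
    }
    $name = hex2bin($user);
    return $name === false ? null : $name;
}

// Constructed demo values; the secret never leaves the server.
$secret = random_bytes(32);
$now    = time();
$token  = issue_token('Joe', $secret, $now);

var_dump(verify_token($token, $secret, $now));                    // inside the window
var_dump(verify_token($token, $secret, $now + TTL_SECONDS + 1));  // after expiry
var_dump(verify_token($token . '0', $secret, $now));              // altered MAC
```

A token like this is meant to travel over HTTPS in a request header (curl's `-H` option) rather than in the query string, so it does not end up in URLs and access logs the way the username and password in the first command would.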