[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 819
  • Last Modified:

cross domain iFrame

I have a simple pre-existing ajax form on a php website (site 1) which submits to a mySQL db hosted on a typical Linux server. My client wants to use the same form in a landing page on another domain which is running php but is hosted on a Windows server with MSSQL (site 2).  I am not experienced with MSSQL so rather than rebuilding the whole thing on site 2, I am thinking that it might be simpler to just build the landing page on site 2 with an iFrame that pulls the remote ajax form from site 1.

I do have FTP access to both servers plus cPanel access on site 1 and remote desktop access on site 2.

Do you have any thoughts or recommendations regarding functionality or security problems with an iFrame setup like that?
0
web5dev7
Asked:
web5dev7
  • 5
  • 4
  • 2
2 Solutions
 
Dave BaldwinFixer of ProblemsCommented:
I the iframe will work.  The question is how is site 2 going to use the data if it is on site 1?
0
 
fourckCommented:
what you are trying to do is not the perfect solution, however i am not going to force you to use another approach, so i will give you a solution as you requested.

- if both sites are for same owner and you can freely access both of them, it is possible to use a remote mysql connection from site2 to site 1.

so you will be using the mysql DB (of site 1)  to insert, delete, update,... on site 2.

to do that you have to only modify your connection string in php, instead of localhost to the ip address of site 1.

so you have to change the following for example:

$con = mysql_connect("localhost","username","password");
if (!$con) die('Could not connect: ' . mysql_error());

Open in new window


to the following:

$con = mysql_connect("IP_ADDRESS_OF_SITE_1","username","password");
if (!$con) die('Could not connect: ' . mysql_error());

Open in new window


where IP_ADDRESS_OF_SITE_1 is the ip address of site 1 where Mysql is installed.

remember to allow from site1 cpanel mysql remote access by entering site2 ip address.

Good Luck!
0
 
web5dev7Author Commented:
Hi Fourck,

I didn't know I could do that - I will try it.  Is it better than using an iFrame?  

Regarding it not being a perfect solution, I generally understand, but please explain more. Are there security issues?   What do you recommend instead ?

thanks.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
web5dev7Author Commented:
Hi Dave,

In answer to your question - the client already has access to a control panel interface on site 1 to view and download the form entries - so site 2 does not really use the data - just a landing page on site 2 with form for capturing the data. There is only 2 db queries happening - one to validate that user does not already exist in db, and another to insert user details.

However, I should have mentioned that site 1 does use SSL Certificate during form submit - so not sure if that will complicate either method - iFrame or connection with remote IP as Fourck suggested.
0
 
Dave BaldwinFixer of ProblemsCommented:
No, that should work alright then.
0
 
web5dev7Author Commented:
Are there security concerns with either method ?
0
 
Dave BaldwinFixer of ProblemsCommented:
Not any more than with a regular page.
0
 
fourckCommented:
Hi web5dev7,

there is no security concerns, unless you don't own / manage site2.

To connect to site1, as i already said you need to provide the site1 db credentials in your code. if you manage site2 and nobody has right to access your code than it is perfect solution. But i think you are managing both sites from your original question, so you can proceed with the suggested solution.

I can't understand how you could use later posted data in the Iframe on site2 ?!! they are not controllable within your iframe, for that i think that the suggested solution fit your needs in a perfect way.

Another advantage of the provided solution, is that you could use the same script built on site1 and all what you need to change is the DB connection string.

Good Luck!
0
 
web5dev7Author Commented:
Fourck,

You raise a good point that made me realize something. Although I have been given temporary access to site 2 for this project - I do not manage site 2 - and there may be multiple others with administrative access to site 2 server, etc.  And I do not know who they are.  So the connection file would be exposing the db credentials of site 1 (which is solely managed by me) to the unknown administrators of site 2.

I suppose I could create a separate new db on site 1 for this project only so at least they would not have access to my existing db tables?

Any thoughts ?
0
 
web5dev7Author Commented:
p.s... on the other hand, I suppose I could just go ahead and rebuild this thing on site 2.  

Does the php syntax, etc. need to be any different when working with MSSQL (instead of MySQL)  ?
0
 
Dave BaldwinFixer of ProblemsCommented:
MSSQL on PHP 5.2 and below is a little different.  MSSQL on PHP 5.3 on a Windows server requires a new Microsoft PHP SQL driver and is more different.  The SQL for MSSQL is a little different also, it doesn't have exactly the same features as MySQL.

But if your page from site 1 is in a iframe on site 2, then you are not exposing any of the database code.  The page is delivered from site 1 and site 2 never sees any of the code.  All the iframe has is a link to the page on site 1.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now