Sending Files from GWT to a Web Server and Faking a Request IP
I'm working on a project in GWT, however, I need to store the uploaded files on my personal web server.
The user will upload the files using GWT, my back end will store the files information in AppEngine's database and send the file to the server.
I'm thinking of creating a PHP script on the web server that will handle the files coming from GWT and sends the files as needed.
Also, I'm planning on validating the IP address of the request.
My concerns are:
- Is validating the IP address from which the request came good enough to ensure no one misuses the PHP script?
- How can GWT's server send the file to PHP?
- Is there a better way to do this?
Thanks in advance
The ip address can be verified using php's $_SERVER['REMOTE_ADDR'] . This variable is pulled from Apache's TCP socket and it cannot be easily spoofed. I personally have dug though the code to verify this.
However, if the communication comes from the WIFI at a local cafe then you might have a problem. An attacker on the network can sniff the connection and you are sharing your ip address with them.
The very secure method of protecting against this cafe scenario is using SSL. HTTPS is easy to setup, but make sure you buy a real certificate which should run you about ~$30 a year.