jeddy - 5:13 pm on Oct 3, 2011 (gmt 0)
Let's say I wanted to power a number of very simple websites on different hosts & IPs off of one central database. Am I crazy to think that the following would work?
1) MySQL database on main server holds HTML markup for various pages of the "network" sites
2) Each time a page on one of the "network" sites is requested, a PHP file on the "network" site calls a PHP file on the main server (call it "displayContent.php"), passing it 1) the URL of the requesting page, and 2) a unique token stored in config.php
3) This token is not a database password - but its hash is stored in the main server's database, and displayContent.php uses the passed value, as well as the requesting page, to validate the request
4) The main server sends back the appropriate HTML content, if it's found, which is then displayed to the page on the "network" site.
A couple problems/objections I foresee.
1) This doesn't provide any of the standard CMS functions like approval, access control, etc. I'm OK with this. I just want to centralize the control of content for a small group of sites on different servers.
2) This setup is vulnerable to CSRF, since the connection used is not secure, and referrers can be spoofed. I *think* I'm OK with this. The displayContent.php script won't display error messages, and will validate input (the format and contents of the requesting page, as well as the format and contents of the token) so that it will only be capable of serving straight HTML for valid page requests. So SQL injection would not be an issue, and the most an attacker could get sent back to them is the HTML, which they could just get by spidering the network site itself, without the extra step.
3) It slows things down. Yep. It does. Caching could help with that.
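A sketch of the check displayContent.php would make in steps 2 and 3 above, added here as an example and not part of the original post. In-memory arrays stand in for the MySQL tables, and the function name, host names, token format and path format are all assumptions.

```php
<?php
// Added example: request validation for a hypothetical displayContent.php.
// Constructed sample data stands in for the MySQL tables described in the post.

// Constructed: one row per network site, holding only the SHA-256 hash of its token.
$sites = [
    'site-a.example' => ['token_hash' => hash('sha256', 'constructed-token-for-site-a')],
];
// Constructed: stored HTML keyed by host, then by path.
$pages = [
    'site-a.example' => ['/about' => '<h1>About</h1>'],
];

/**
 * Returns the stored HTML for a valid request, or null for anything else.
 * Every failure returns the same null, so the caller learns nothing about why.
 */
function lookupContent(array $sites, array $pages, string $url, string $token): ?string
{
    // Token format check before hashing (assumed format: 16-64 chars of A-Z, a-z, 0-9, '-').
    if (!preg_match('/\A[A-Za-z0-9-]{16,64}\z/', $token)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['host'], $parts['path'])) {
        return null;
    }
    $host = strtolower($parts['host']);
    $path = $parts['path'];
    // Path format check: absolute path, restricted character set, so no dot segments.
    if (!preg_match('#\A/[A-Za-z0-9/_-]*\z#', $path)) {
        return null;
    }
    if (!isset($sites[$host])) {
        return null;
    }
    // Constant-time comparison of the stored hash with the hash of the passed token.
    if (!hash_equals($sites[$host]['token_hash'], hash('sha256', $token))) {
        return null;
    }
    // The token is bound to its host: site A's token cannot fetch another site's pages.
    return $pages[$host][$path] ?? null;
}

// Valid request, wrong token, and a valid token presented for a different host.
var_dump(lookupContent($sites, $pages, 'http://site-a.example/about', 'constructed-token-for-site-a'));
var_dump(lookupContent($sites, $pages, 'http://site-a.example/about', 'wrong-token-wrong-token'));
var_dump(lookupContent($sites, $pages, 'http://site-b.example/about', 'constructed-token-for-site-a'));
```

Against a real database, the two array lookups would be parameterized queries, so the format checks act as a second layer and not the only barrier to SQL injection.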