I’m trying to add data from a webhook (from a web cart) to a local Microsoft SQL Server. It seems like the best route for me is to use a PHP script to listen for new data (POST as json), parse it, then query to add to MSSQL.
I’m not familiar with security concerning the connection between the PHP script (which would sit on a shared-host website) and the local MSSQL database. I would just keep the PHP script running on the same localhost (have Apache running on Windows), but the URI for the webhook needs to be publicly accessible.
Alternately, I assume that I could just schedule a script from the localhost to check periodically for updates through the web carts API, though the webhooks seem to be more fool-proof for an amateur programmer like myself.
What steps can I take to ensure security when using a PHP on a remote, shared-host to connect to MSSQL on my local machine?
5
I disagree with the comments for your question, especially about security. Your approach with a PHP script is valid, but you’ll need a tunnel to do it right.
In regards to security, do you really want to open up your data packets to people sniffing? With the NSA out there and most routers able to intercept, I would be cautious.
I would go with openVPN, easy enough to setup, then have your local instance always connected with an openVPN connection and so your data will be secure. This may or may-not be available on your ‘shared’ server, so that is a consideration.
Honestly, you can get a micro centos instance up on Amazon with turn-key software and do the openVPN install yourself. Not too hard, but you’ll need to learn some system management.