Use the web service as suggested but hide the SSRS server from the internet.

SSRS and SharePoint are simply not internet safe. Ask any MS consultant over a beer if you know one socially.

Well I found some documentation from microsoft on the whole matter here. I've got it up and running now so I am happy. although in order for it to be perfect i still need another firewall between the web server and the rest of the network.

Simplest way to tackle this is to look into what MS calls "URL Access" which allows you to link to a report hosted on an SSRS installation. Lots of ways to customize through all of the URL Access parameters.

Take a look here: URL Access

Simple Example:

http://<Server Name>/reportserver?/Sales/YearlySalesByCategory&rs:Command=Render

The link above would cause the report to be rendered in the web browser just like a normal page. You can also specify other render modes such as PDF. What I normally do in my applications is for the user to click on a link referencing the report, with the render mode set to PDF. You can then wrap all your security and authentication code around it so it is kept away from those you don't want to use it.

I think your best bet is using the SSRS web service interface. You could funnel the requests through an ASP "proxy". Writing the client from scratch in PHP is probably not advisable (unless you find a ready-to-use component for this, which I did not research). The proxy class is readily available for .Net (see here). Your proxy client could authenticate with a "service account".

Alternatively, you could use the SSRS URL interface. I wrote a Java proxy a long time ago, for SSRS 1.0. The basic approach is probably still valid.

As far as security integration goes, that will depend on whether your users are in an AD domain or not. Authenticating with RS through models other than Windows Integrated Security is not straight-forward and requires customization.