TheirPage calls a secure webservice on your server, passing across the username and the password over SSL. You generate a session ID as the return value, and they get redirected to yourpage.cfm?username=blah&sessionID=blah. If sessionID and username equal the value created in the last 90 seconds then they get in; otherwise they get challenged with a login prompt.

The call to your CFC webservice occurs behind SSL along with the return value, so it's nice and secure. The ID that you've generated is only transferred over SSL, and while it's called once in HTTP, as soon as the call is made, translate it to log them in under your own system, expire that entry condition and it's a once-use deal. Expire generated username/unique ID pairs after X number of seconds to allow for connection speed, and after that they're invalid.

Basically, generate a single-use, limited-duration key that becomes invalid as soon as it transfers in plain text? Requires an SSL key, but seems secure at a glance.

----- Original Message -----
From: "Knott, Brian" <[EMAIL PROTECTED]>
To: "CFAussie Mailing List" <[EMAIL PROTECTED]>
Sent: Wednesday, March 19, 2003 11:42 AM
Subject: [cfaussie] RE: Security between sites

> Steve,
> I understand passing a WDDX packet. Just can't seem to visualise
> how that will bring up a web page.
>
> Brian
>
> -----Original Message-----
> From: Steve Onnis [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 19 March 2003 11:43 AM
> To: CFAussie Mailing List
> Subject: [cfaussie] RE: Security between sites
>
>
> We have done it before between 2 different portals
>
> Basically we passed an encrypted WDDX packet across to the other server
> with the user's username and password, and they had a table sitting on their
> server (now with MX you could use a webservice to connect to your original
> database) and logged them in that way
>
> Steve
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Knott,
> Brian
> Sent: Wednesday, 19 March 2003 12:31 PM
> To: CFAussie Mailing List
> Subject: [cfaussie] Security between sites
>
>
> Does anyone know of a good way to provide security between web sites on
> different servers. We have a customer site that has a login section. Not
> sure what language they use for their backend. They want to have a link to
> our site from inside their login section. We want to be able to
> automatically log this person on based on the fact that they are already
> logged into the first system. I was thinking about using URL parameters and
> encoding them. This combined with a check of the referrer URL to make sure
> it has come from the other system might be enough.
>
> Is there another way to do it?
>
> Brian Knott
> QANTM Studio
> Senior Database Developer
> Ph (07) 30174331
> Mob 0407572127
>
>
> ---
> You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
> MX Downunder AsiaPac DevCon - http://mxdu.com/
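
Added example, not part of the original thread: a Python version of the single-use, 90-second handoff token described in the top reply. The class and method names are hypothetical, the store is in-memory, and the partner site is assumed to have already authenticated to the web service over SSL/TLS.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 90  # validity window mentioned in the thread


class HandoffTokens:
    """Single-use, short-lived login tokens keyed by username (hypothetical names)."""

    def __init__(self, ttl=TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be tested without sleeping
        self._pending = {}   # username -> (sha256(token), expiry time)

    def issue(self, username):
        """Web-service side: called by the partner site over SSL/TLS.

        Returns the value the partner puts in the redirect URL as sessionID.
        Only a hash is stored, so a dump of the store yields no usable token.
        A second issue for the same user replaces the first.
        """
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[username] = (digest, self._clock() + self._ttl)
        return token

    def redeem(self, username, token):
        """Landing-page side: True at most once per issued token.

        The entry is removed on ANY attempt, so a token seen in a plain-HTTP
        URL, proxy log or Referer header cannot be replayed, and a wrong
        guess costs the attacker the only try. On False, show the login form.
        """
        entry = self._pending.pop(username, None)
        if entry is None:
            return False
        digest, expiry = entry
        if self._clock() > expiry:
            return False
        presented = hashlib.sha256(token.encode()).digest()
        return hmac.compare_digest(digest, presented)  # constant-time compare
```

With more than one web server behind the landing page, the pending store has to be shared (for example a database table with an atomic delete-and-return), otherwise the single-use property does not hold.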
