Sounds good.  I could also spawn a new page if the values passed from the
remote server are correct and not have to worry about returning a value to
the remote server.  When the user has finished with our site the window can
close and they are back at the old site.

Brian

-----Original Message-----
From: Sean [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 19 March 2003 11:53 AM
To: CFAussie Mailing List
Subject: [cfaussie] RE: Security between sites


TheirPage calls a secure webservice on your server, passing across the
username and the password over SSL. You generate a session ID as the return
value, and they get redirected to yourpage.cfm?username=blah&sessionID=blah. If
sessionID and username equal the value created in the last 90 seconds then
they get in, otherwise they get challenged for a login prompt.

The call to your CFC webservice occurs behind SSL along with the return
value, so it's nice and secure, the ID that you've generated is only
transferred as SSL and while it's called once in http, as soon as the call is
made, translate to log them in under your own system, expire that entry
condition and it's a once use deal. Expire generated username/unique id pairs
after X number of seconds to allow for connection speed, and after that
they're invalid.

Basically generate a single use limited duration key that as soon as it
transfers in plain text becomes invalid?

Requires an SSL key, but seems secure at a glance.


----- Original Message -----
From: "Knott, Brian" <[EMAIL PROTECTED]>
To: "CFAussie Mailing List" <[EMAIL PROTECTED]>
Sent: Wednesday, March 19, 2003 11:42 AM
Subject: [cfaussie] RE: Security between sites


> Steve,
> I understand passing a WDDX packet.  Just can't seem to visualise
> how that will bring up a web page.
>
> Brian
>
> -----Original Message-----
> From: Steve Onnis [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 19 March 2003 11:43 AM
> To: CFAussie Mailing List
> Subject: [cfaussie] RE: Security between sites
>
>
> We have done it before between 2 different portals
>
> Basically we passed an encrypted WDDX packet across to the other server
> with the user's username and password, and they had a table sitting on their
> server (now with MX you could use a webservice to connect to your original
> database) and logged them in that way
>
> Steve
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Knott,
> Brian
> Sent: Wednesday, 19 March 2003 12:31 PM
> To: CFAussie Mailing List
> Subject: [cfaussie] Security between sites
>
>
> Does anyone know of a good way to provide security between web sites on
> different servers?  We have a customer site that has a login section.  Not
> sure what language they use for their backend.  They want to have a link to
> our site from inside their login section.  We want to be able to
> automatically log this person on based on the fact that they are already
> logged into the first system.  I was thinking about using URL parameters and
> encoding them.  This combined with a check of the referrer url to make sure
> it has come from the other system might be enough.
>
> Is there another way to do it?
>
> Brian Knott
> QANTM Studio
> Senior Database Developer
> Ph (07) 30174331
> Mob 0407572127
>
>
> ---
> You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
> MX Downunder AsiaPac DevCon - http://mxdu.com/
>
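
The single-use, time-limited session ID Sean describes, sketched in Python as an added example (not code from the thread). The class and method names are hypothetical, and the in-memory dict stands in for whatever shared store the receiving site would really use.

```python
import hashlib
import hmac
import secrets
import time


class HandoffTickets:
    """Server-side store of single-use, short-lived login tickets (hypothetical name)."""

    def __init__(self, ttl_seconds=90, clock=time.monotonic):
        self.ttl = ttl_seconds          # the "last 90 seconds" window from the thread
        self.clock = clock              # injectable so expiry can be exercised in tests
        self._pending = {}              # username -> (sha256 of ticket, expiry time)

    def issue(self, username):
        """Called by the SSL web service after the partner's credentials check out."""
        ticket = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(ticket.encode()).digest()
        # Only a hash is kept, so a leaked store does not yield usable tickets.
        # A second issue for the same user replaces the earlier ticket.
        self._pending[username] = (digest, self.clock() + self.ttl)
        return ticket

    def redeem(self, username, ticket):
        """Called by the landing page; returns True at most once per issued ticket."""
        # Pop before checking: any attempt, right or wrong, burns the entry,
        # so a value seen in a plain-http URL cannot be replayed or brute-forced.
        entry = self._pending.pop(username, None)
        if entry is None:
            return False                # never issued, or already used
        digest, expiry = entry
        if self.clock() > expiry:
            return False                # too old: fall back to the login prompt
        presented = hashlib.sha256(ticket.encode()).digest()
        return hmac.compare_digest(presented, digest)   # constant-time compare
```

A failed `redeem` leaves the user at the normal login prompt, which is the fallback the message describes.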

