Please tell how to unsubscribe from the list.
Thanks
Yash
Mithun Bhattacharya wrote:
>
> For any authentication system to work you need who the user claims to be
> and secondly you need to figure out a way to verify that what he is
> saying is correct. The common practice is to go for a ticket based
> system. Here the user is asked for his userid and password and issued a
> ticket in return - this ticket needs to be passed back to the server for
> ever secure area he is accessing. The ticket is implemented either by
> URL mangling or cookies. URL mangling is where you find every URL on
> your page seems to have the actual URL and a million junk characters
> appended to it :). Cookies on the other hand are set on the client side
> with a MD5 hash so that the user cant tamper the data.
>
> Whatever you choose the whole process is tightly coupled with what the
> webserver sees I dont think you can isolate the authentication process
> from the webserver safely. What you could ofcourse do is let Apache on
> Linux do the authentication and send the appropriate ticket to the user
> and the IIS can pick and do whatever it feels like with the mangled URL
> or the cookies that the browser sends back to the server. Ofcourse dont
> forget cookies need to be set for the right domain.
>
> Mithun
> PS: I just hope you are not confusing authorization with authentication.
>
> _______________________________________________
> linux-india-help mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/linux-india-help
--
Yashpal Nagar
Linux System Administrator
DSF Internet (N.D)
http://www.dsfinternet.com
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/linux-india-help
