SSL would be useless. It has no facilities for authentication, which is what 
we need here. Basically, SSL encrypts communications between two computers- 
it doesn't care which two and is therefore vulnerable to man-in-the-middle 

On Wednesday 19 September 2001 08:22, you wrote:
> > Customers are authenticating through an IIS server against a database on
> > Win2K.  How do I securely pass this information to a separate
> > PHP/apache/UNIX system? Since any parameters could be forged, it seems
> > I'd need a cryptographic approach.  Does anyone have experience with a
> > cross-platform solution (ASP/IIS/Win2K and PHP/apache/Linux)?
> Perhaps I'm making this too simple; but what exactly is the problem?  You
> have a DB on a Win2k box with user authentication information and some
> scripts in IIS that use that to handle user logins, right?  When you toss
> them over to the PHP/Linux system do it via SSL, encode the
> username/password in some GET or POST data, and let the PHP scripts
> authenticate them against the same Win2k database, then give them a
> session variable with their user credientials.
> This is of course assuming that you can get the PHP on Linux and your DB
> on Wkn2k talking, which might currently be prevented by a networking
> issue.  If you can't fix the network look into mechanisms for replicating
> the data from the Win2k machine to the Linux machine on a nightly/hourly
> basis.
> Justin Buist
> Trident Technology, Inc.
> 4700 60th St. SW, Suite 102
> Grand Rapids, MI  49512
> Ph. 616.554.2700
> Fx. 616.554.3331
> Mo. 616.291.2612

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to