Actually, I'm not necessarily committed to PHP for the solution. JSP
may be a viable solution. Let me extend my description of the problem
and maybe that will help narrow the options for a solution.

We have contracted with a third party to build and host our website (not
my choice...a politically directed solution, and don't squawk at the
complexities associated with such an idiotic decision). The website must
control access to private data associated with an insurance company, its
policy holder, agents, etc. To control access to this data, we have
determined that we will be the controllers of all reports and critical
data; however, the hosting service will still have the front-end until a
report is required. At that time we will require that the session
redirect to our secure server for data presentation.

However, the hosted website also has pages that need to be tailored
based on the authentication of the user involved. Since our server is
the only one that knows who is authorized and what they can access, we
need to be the controllers of the authentication services. The
complexity then involves getting the authorization credentials back to
the hosting server so it can tailor landing pads based on the type of
access (policy holders can see certain information, agents can see
different info, etc.). One of the credentials that we want to return is
a secure session id that needs to be sent back to our server when
reporting is requested (via a different page). Our server will then
control data access based on a lookup of the session id.

The intent of this effort is to control what is accessible on both
servers with a single logon which is not controlled by the primary
server. What we don't want to do is push data to the primary server for
authentication, because it will always be out of date with respect to
the business and we have no confidence that security can be maintained
by either the primary server or the hosting service.

Does this sound more like JSP than PHP? Could the login be securely
controlled by a Java applet rather than a scripting language, then
turn over control to PHP from that point forward?
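The session-id lookup described in the message above, as an added Python sketch that is not part of the original post: the secure server issues an opaque random id plus the user's role, and later authorizes a report request purely from its own server-side record. The class and function names, the role and report names, the 15-minute lifetime and the hashed in-memory store are all assumptions made for illustration, and the user is assumed to have been authenticated already.

```python
import hashlib
import secrets
import time

SESSION_TTL = 900  # assumed session lifetime in seconds

# Constructed sample policy: report types each role may request.
REPORT_ACL = {
    "policy_holder": {"own_policy"},
    "agent": {"own_policy", "client_list"},
}


def _store_key(session_id):
    # Keep only a hash server-side, so a leaked session table
    # does not hand out usable session ids.
    return hashlib.sha256(session_id.encode()).hexdigest()


class AuthServer:
    """Hypothetical stand-in for the company-controlled secure server."""

    def __init__(self, now=time.time):
        self._sessions = {}  # sha256(session id) -> (username, role, expiry)
        self._now = now

    def open_session(self, username, role):
        """Call only after this server has verified the user's credentials."""
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expiry = self._now() + SESSION_TTL
        self._sessions[_store_key(session_id)] = (username, role, expiry)
        # The hosting server receives just these two values: the role to
        # tailor its pages, and the opaque id to send back for reports.
        return {"session_id": session_id, "role": role}

    def authorize_report(self, session_id, report):
        """Return the username allowed to see `report`, or None."""
        key = _store_key(session_id)
        entry = self._sessions.get(key)
        if entry is None:
            return None  # unknown or forged id
        username, role, expiry = entry
        if self._now() >= expiry:
            del self._sessions[key]  # expired: drop it and refuse
            return None
        # The role is read from the server-side record, never from
        # anything the hosting server or browser sends with the request.
        if report not in REPORT_ACL.get(role, set()):
            return None
        return username
```
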