RE: [PHP] Secure transfer between servers
Perhaps make it an MD5 hash of the username and password in the url. Or, make it a submit button. Those two pop off my head. - James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 04, 2001 7:50 PM To: [EMAIL PROTECTED] Subject: [PHP] Secure transfer between servers Hi All- I'm designing a Portal environment for a very large number of organisations and it necessitates having a central server where users initially login and have access to a few functions. For the more complex functions where it is necessary to redirect them to another server, local to them, I have a problem. I can redirect fine but how do I validate that user? At the moment I'm passing through the username and password on the redirect URL but that is no good as Internet Explorer shows that URL in the status bar as it is redirecting. Someone looking over another person's shoulder could see their login and password. I'm looking for ideas on how to securely transfer users between these two separate websites? It is unfortunately not an option to have them login twice. Regards, Adam Whitehead Systems Developer - Computer Support and Maintenance Ph. (08) 8936 3164 E-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Secure transfer between servers
or, instead of MD5 (depending on how secure you want it) you could use base64_(en|de)code -Original Message- From: James [mailto:[EMAIL PROTECTED]] Sent: Monday, November 05, 2001 12:46 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [PHP] Secure transfer between servers Perhaps make it an MD5 hash of the username and password in the url. Or, make it a submit button. Those two pop off my head. - James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 04, 2001 7:50 PM To: [EMAIL PROTECTED] Subject: [PHP] Secure transfer between servers Hi All- I'm designing a Portal environment for a very large number of organisations and it necessitates having a central server where users initially login and have access to a few functions. For the more complex functions where it is necessary to redirect them to another server, local to them, I have a problem. I can redirect fine but how do I validate that user? At the moment I'm passing through the username and password on the redirect URL but that is no good as Internet Explorer shows that URL in the status bar as it is redirecting. Someone looking over another person's shoulder could see their login and password. I'm looking for ideas on how to securely transfer users between these two separate websites? It is unfortunately not an option to have them login twice. Regards, Adam Whitehead Systems Developer - Computer Support and Maintenance Ph. (08) 8936 3164 E-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Secure transfer between servers
For the more complex functions where it is necessary to redirect them to another server, local to them, I have a problem. If these machines are on a LAN together I would suggest you use database sessions. I.e. a table with records containing active sessions. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
