Had another thought about this...
Have someone register against the first site - have it create
a quick key value, and store it locally. Pass that via GET or POST
to one of YOUR sites. Have your server hit the first server
with this key.
The first server would authenticate the validity of the
A few things to try:
1. Use session variables that expire after a certain time. The remote
host, your partner, has to contact your host every X hours to get a new
session key and all communication is done for that period of time using
that key in the URL.
2. Use difficult to guess user identifier
"Boget, Chris" wrote:
>
> One other thing that I forgot to include in my previous message as
> a concern of mine and it relates to the above. If we did it that way,
> someone who was listening to a port on the client's server, or who
> came by later to use the same machine the client was usi
Here is an idea I had, but will require that all the sites in question
maintain very accurate clock synchronization, but doesn't require any
database writes. It assumes that the passwords are stored using MySQL's
PASSWORD("") function.
$user_table="website.authorized_users";
$now=gmmktime();
$in
Boget, Chris wrote:
> > Also, you can check the value of $HTTP_REFERER for the ip of
> > the trusted host, to further eliminate the potential.
>
> How do you get the IP out of $HTTP_REFERER? As far as I know,
> that only tells you the referring url, not the ip address.
This is correct. But y
> Also, you can check the value of $HTTP_REFERER for the ip of
> the trusted host, to further eliminate the potential.
How do you get the IP out of $HTTP_REFERER? As far as I know,
that only tells you the referring url, not the ip address. And couldn't
that value be messed with?
Chris
ness Infrastructure Technology Provider
> -Original Message-
> From: Michael Kimsal [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 23, 2001 12:32 PM
> To: Boget, Chris
> Cc: Php (E-mail)
> Subject: Re: [PHP] "Authenticating" across sites/servers
>
>
> Have the user log in to/authenticate against the first server.
> That server generates a key, based on combining the username
> and a private key known to the authenticating server and your
> servers.
> Pass that back to your servers in a URL - cookie wouldn't
> work, but the key in the URL s
Have the user log in to/authenticate against the first server.
That server generates a key, based on combining the username and a private
key known to the authenticating server and your servers.
Pass that back to your servers in a URL - cookie wouldn't work, but the key
in the URL should be suffic
I've been charged with trying to find out how something
like this can be done if it is at all in fact possible. The info
I'm hoping to get is what would be involved and where I
can find information on it. I'm not asking for code or
examples unless you really want to provide them. :P
Anyways,