[snip]
I've got a bit lost on this, but assuming that we are talking about an
intranet enviornment, with windows/IE6 clients, and apache servers, then
personally:
I would check logins based on a valid session. If the user doesn't have
a session they aren't logged in. Store the username in the ses
Quoting Rory Browne <[EMAIL PROTECTED]>:
I've got a bit lost on this, but assuming that we are talking about an
intranet enviornment, with windows/IE6 clients, and apache servers, then
personally:
I would check logins based on a valid session. If the user doesn't have a
session they aren't logg
I've got a bit lost on this, but assuming that we are talking about an
intranet enviornment, with windows/IE6 clients, and apache servers, then
personally:
I would check logins based on a valid session. If the user doesn't have a
session they aren't logged in. Store the username in the session var
Quoting Jochem Maas <[EMAIL PROTECTED]>:
Rick Emery wrote:
Okay, I'm following all of this. So I could take, say, the username
reversed and encode it, then decode it in the PHP application,
and be
I wouldn't do it like that
instead stick the username in the cookie in plaintext and
Rick Emery wrote:
Quoting [EMAIL PROTECTED]:
You could just store a username, since they have already authenticated,
but a cookie with just a username would be easy to duplicate. My current
thought is to hash a checksum of some sort and storing that in the
cookie as well. That way you avoid the
Quoting [EMAIL PROTECTED]:
You could just store a username, since they have already authenticated,
but a cookie with just a username would be easy to duplicate. My current
thought is to hash a checksum of some sort and storing that in the
cookie as well. That way you avoid the username only prob
[snip]
First, let me apologize for having to take it to a basic level. I'll
admit that I'm fairly new to web development, but this is something I
could *really* use at work and I want to make sure I understand (just
to set the stage, we use Windows/Active Directory/MS SQL Server at
work, bu
Quoting [EMAIL PROTECTED]:
[snip]
Couldn't I write my own cookie to fool the authentication into
thinking I'm somebody else?
[/snip]
I suppose that you could do that if you were savvy enough to realize
that automatic login to the intranet used a cookie for authentication
and you knew how to for
[snip]
> We are sitting here having a discussion on login techniques and I cam
up
> with a thought...why not have a login script write a cookie that then
> coulod be read by PHP and compared against the AD via LDAP? Does
anyone
> see any gotcha's with that kind of process?
Couldn't I write my own
Quoting [EMAIL PROTECTED]:
[snip]
As far as I can tell you will have to ask the user to login at the web
application level again, but you can verify it against your AD via LDAP
with the basic stuff from http://www.php.net/ldap
[/snip]
We are sitting here having a discussion on login techniques
Kerberos - there is an apache module for it.
On 3/7/06, Justin Cook <[EMAIL PROTECTED]> wrote:
>
> We are developing an intranet for my company. I would like to implement a
> single sign on service. We have Active Directory on one server and the
> intranet is being housed on a Redhat Linux server.
[snip]
As far as I can tell you will have to ask the user to login at the web
application level again, but you can verify it against your AD via LDAP
with the basic stuff from http://www.php.net/ldap
[/snip]
We are sitting here having a discussion on login techniques and I cam up
with a thought...
[snip]
We are developing an intranet for my company. I would like to implement
a single sign on service. We have Active Directory on one server and the
intranet is being housed on a Redhat Linux server. When the internal
user pulls up the intranet, I would like it to check to see if they
successful
D], php-general@lists.php.net
Sent: Tue, 07 Mar 2006 12:06:42 -0600
Subject: RE: [PHP] LDAP and Single Sign On
Maybe this will help: http://us2.php.net/manual/en/ref.ldap.php
Shaunak Kashyap
Senior Web Developer
WPT Enterprises, Inc.
5700 Wilshire Blvd., Suite 350
Los Angeles, CA 90036
Direct: 32
Maybe this will help: http://us2.php.net/manual/en/ref.ldap.php
Shaunak Kashyap
Senior Web Developer
WPT Enterprises, Inc.
5700 Wilshire Blvd., Suite 350
Los Angeles, CA 90036
Direct: 323.330.9870
Main: 323.330.9900
www.worldpokertour.com
Confidentiality Notice: This e-mail transmission (
15 matches
Mail list logo
