Re: [Phplib-users] Basic authentication
From: Peter K. <su...@si...> - 2002-02-01 06:00:50
Hello Chris,

here are some ideas on your problems:

> 1) Get the user name in the combined web server log. (I use apache, and
> have not had any luck with other methods.) This is lower priority.

I do not understand the phrase "... in the combined server log"?

> "single signon" capability -- that is, they logged in at the other site, and
> the URL needs to contain the information that they logged in with. As you
> know, the standard URL form is something like:
>
> [protocol]://[username]:[password]@host.domain.name:[port]/document_path

I never ever would send passwords in a URL - very good opportunity for hackers!

My plan (not realized yet!) to provide a single-sign-on:

On server A there is a user database. On another server B the user U calls a page for the first time. B recognizes that U isn't logged in and redirects the URL to a log on page at A. The URL must contain information that this request comes from B. U logs on. A opens a session with phplib and redirects the URL back to B, including the session-id. B uses a tool like XML/RPC to establish a connection to A and read the user information required. Instead of XML/RPC you may force A to write a file with the necessary user information, and B can do a simple fopen.

Further actions depend on your demands: If you do not use session variables, all is perfect. Every page on B can check if the user is still logged in at A. Or you have a phplib at B also to check that.

This is a raw outline. In fact you have to do some more customizing. E.g. the server A must not give access to the user-files mentioned from other servers than B ...

Sounds complicated, I know. But it's very secure (I hope so at least ;-))

Peter Kursawe
www.learn4use.com
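The flow outlined in the message above, modelled in Python as an added example; it is not part of the original post and is not PHPLIB code. In-process calls stand in for the browser redirects and the XML/RPC connection, and the host names, the per-site back-channel secret and the return URL registered at A are assumptions made for the illustration.

```python
import hashlib, hmac, secrets
from urllib.parse import urlencode

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ServerA:
    """Server A: owns the user database and the login sessions."""
    def __init__(self, users, sites):
        self.users = users    # username -> (salt, password hash)
        self.sites = sites    # site id -> (return URL, back-channel secret); assumption
        self.sessions = {}    # session id -> username

    def login(self, site_id, username, password):
        """U logs on at A; the password travels in the form body, never in a URL."""
        if site_id not in self.sites:
            raise PermissionError("unknown requesting site")
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(pw_hash(password, salt), stored):
            raise PermissionError("login failed")
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        # Redirect target comes from A's own registry, not from the request.
        return self.sites[site_id][0] + "?" + urlencode({"sid": sid})

    def user_info(self, site_id, site_secret, sid):
        """Back channel: A answers only a registered site that proves its identity."""
        _, secret = self.sites.get(site_id, ("", ""))
        if not secret or not hmac.compare_digest(secret.encode(), site_secret.encode()):
            raise PermissionError("caller is not server B")
        return self.sessions.get(sid)

class ServerB:
    """Server B: has no user database and asks A about the session id it receives."""
    def __init__(self, site_id, secret, server_a):
        self.site_id, self.secret, self.a = site_id, secret, server_a

    def page(self, sid=None):
        user = self.a.user_info(self.site_id, self.secret, sid) if sid else None
        if user is None:  # not logged in: send U to A, naming B as the origin
            return ("redirect", "https://a.example/login?" + urlencode({"from": self.site_id}))
        return ("ok", user)

def demo():
    """Constructed sample data: one user 'u' and one registered site 'B'."""
    salt = secrets.token_bytes(16)
    a = ServerA({"u": (salt, pw_hash("constructed-pw", salt))},
                {"B": ("https://b.example/start", "constructed-secret")})
    b = ServerB("B", "constructed-secret", a)
    first = b.page()                            # 1. U hits B without a session
    back = a.login("B", "u", "constructed-pw")  # 2. U logs on at A
    sid = back.split("sid=")[1]                 # 3. browser follows the redirect to B
    return first, back, b.page(sid), b.page("forged-session-id")
```

`demo()` returns the four steps in order: B's redirect to A, A's redirect back carrying the session id, B's page for the confirmed user, and B's redirect for a session id A does not know.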