Re: [Phplib-users] Basic authentication
From: Justin W. <jw...@sa...> - 2002-02-13 05:43:33
Today @ 8:44pm, Chris Johnson typed..
> So, revisiting this issue a bit further:
>
> If my "single signon" business partner who wants to send their users to my
> secure site running PHPLIB without forcing their users to log in again did
> the following, would that be sufficient?
>
> They have proposed that they create a form on their page such that when the
> submit button is clicked, they will POST the data to me and pass the
> username and password.
>
> Since both sites are SSL (HTTPS) encrypted, the POST'ed data should be
> secure. I should then just be able to do an automated, behind the scenes
> login using their name and password, right?
>
> It seems too simple! I'm always sceptical when it seems that easy.

One somewhat undesirable practice is to put the password plaintext in the
webpage. Granted, it's SSL so only that person should see it, but even so,
most web services never ever let the user see their own password. You never
know what could happen to your cached pages, or who may have temporary access
to your browser. Isn't there an MD5 alternative? or maybe you're already
doing that and that's what you're talking about.

Justin

> Anyone see any flaws in this?
>
> Thanks,
> ..chris
>
> _______________________________________________
> Phplib-users mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phplib-users

_______________________________________________________
2 common misconceptions
0) Pain is bad.
1) Omniscience necessitates predestination.
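
As an added example, not part of the original message and not PHPLIB code: one way to keep the password out of the partner's page is to POST a short-lived keyed digest of the username instead. This code uses HMAC-SHA-256 over a secret shared by the two sites rather than a bare MD5 hash; the function names, field names, secret and 60-second lifetime are all assumptions.

```php
<?php
// Added example. All names, the field layout and the secret are assumptions.
const SSO_TTL = 60; // seconds a handoff stays valid (assumed value)

// Partner side: hidden form fields to POST instead of username + password.
function sso_make_fields(string $user, string $secret, int $now): array
{
    $nonce = bin2hex(random_bytes(16));
    $mac = hash_hmac('sha256', "$user\n$now\n$nonce", $secret);
    return ['user' => $user, 'ts' => (string) $now, 'nonce' => $nonce, 'mac' => $mac];
}

// Receiving side: returns the username to log in, or null to reject.
function sso_verify_fields(array $post, string $secret, int $now, array &$seen): ?string
{
    foreach (['user', 'ts', 'nonce', 'mac'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return null; // missing or non-string field
        }
    }
    // Digits-only ts and hex-only nonce keep the signed string unambiguous.
    if (!ctype_digit($post['ts']) || !ctype_xdigit($post['nonce'])) {
        return null;
    }
    if (abs($now - (int) $post['ts']) > SSO_TTL) {
        return null; // expired, e.g. a page pulled from a browser cache later
    }
    $expected = hash_hmac('sha256', "{$post['user']}\n{$post['ts']}\n{$post['nonce']}", $secret);
    if (!hash_equals($expected, $post['mac'])) {
        return null; // fields altered or signed with a different secret
    }
    if (isset($seen[$post['nonce']])) {
        return null; // same form submitted twice
    }
    $seen[$post['nonce']] = $now; // in-memory here; persist it in a real deployment
    return $post['user'];
}

// Constructed demonstration values.
$secret = 'constructed-demo-secret';
$seen = [];
$now = 1013578000;
$fields = sso_make_fields('alice', $secret, $now);
var_dump(sso_verify_fields($fields, $secret, $now + 5, $seen));  // fresh token
var_dump(sso_verify_fields($fields, $secret, $now + 10, $seen)); // same token again
$tampered = ['user' => 'bob'] + $fields;                          // username changed after signing
var_dump(sso_verify_fields($tampered, $secret, $now + 5, $seen));
```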