PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

How to Store Images Directly in the Sql Database
PHP Basics: Intro to PHP
AJAX and PHP Part 1 - Dynamic HTML and Images
The ABC's of PHP II - What do I need to make it work?
File Version Management in PHP

php-general | 2001092

[PHP] Re: [PHP-DB] Cross site authentication From: Justin Buist (jbuist <email protected>)
Date: 09/19/01

Next message: John Lim: "[PHP] Re: odbc_connect w/connectstring instead of DSN"
Previous message: John Lim: "[PHP] Re: PHP vs M$.NET C#?"
In reply to: Bill Lubanovic: "[PHP] Cross site authentication"
Next in thread: Hoover, Josh: "RE: [PHP] Re: [PHP-DB] Cross site authentication"
Maybe reply: Hoover, Josh: "RE: [PHP] Re: [PHP-DB] Cross site authentication"
Reply: Evan Nemerson: "Re: [PHP] Re: [PHP-DB] Cross site authentication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Customers are authenticating through an IIS server against a database on
> Win2K. How do I securely pass this information to a separate
> PHP/apache/UNIX system? Since any parameters could be forged, it seems
> I'd need a cryptographic approach. Does anyone have experience with a
> cross-platform solution (ASP/IIS/Win2K and PHP/apache/Linux)?

Perhaps I'm making this too simple; but what exactly is the problem? You
have a DB on a Win2k box with user authentication information and some
scripts in IIS that use that to handle user logins, right? When you toss
them over to the PHP/Linux system do it via SSL, encode the
username/password in some GET or POST data, and let the PHP scripts
authenticate them against the same Win2k database, then give them a
session variable with their user credientials.

This is of course assuming that you can get the PHP on Linux and your DB
on Wkn2k talking, which might currently be prevented by a networking
issue. If you can't fix the network look into mechanisms for replicating
the data from the Win2k machine to the Linux machine on a nightly/hourly
basis.

Justin Buist
Trident Technology, Inc.
4700 60th St. SW, Suite 102
Grand Rapids, MI 49512
Ph. 616.554.2700
Fx. 616.554.3331
Mo. 616.291.2612

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

Next message: John Lim: "[PHP] Re: odbc_connect w/connectstring instead of DSN"
Previous message: John Lim: "[PHP] Re: PHP vs M$.NET C#?"
In reply to: Bill Lubanovic: "[PHP] Cross site authentication"
Next in thread: Hoover, Josh: "RE: [PHP] Re: [PHP-DB] Cross site authentication"
Maybe reply: Hoover, Josh: "RE: [PHP] Re: [PHP-DB] Cross site authentication"
Reply: Evan Nemerson: "Re: [PHP] Re: [PHP-DB] Cross site authentication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]