Join Up! 104877 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI MySQL and PHP: How to make it work without killing your server Installing Apache and PHP under Win32 Smart Architectures in PHP A Developer's Look at ExpressionEngine 2 Eclipse for the PHP Developer

php-general | 2001092

From: Evan Nemerson (evan <email protected>)
Date: 09/19/01

• Next message: Sheridan Saint-Michel: "Re: [PHP] Weird results from Left Shift"
• Previous message: Evan Nemerson: "Re: [PHP] Re: [PHP-DB] Cross site authentication"
• In reply to: Justin Buist: "[PHP] Re: [PHP-DB] Cross site authentication"
• Next in thread: Justin Buist: "Re: [PHP] Re: [PHP-DB] Cross site authentication"
• Reply: Justin Buist: "Re: [PHP] Re: [PHP-DB] Cross site authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

SSL would be useless. It has no facilities for authentication, which is what
we need here. Basically, SSL encrypts communications between two computers-
it doesn't care which two and is therefore vulnerable to man-in-the-middle
attacks.

On Wednesday 19 September 2001 08:22, you wrote:
> > Customers are authenticating through an IIS server against a database on
> > Win2K. How do I securely pass this information to a separate
> > PHP/apache/UNIX system? Since any parameters could be forged, it seems
> > I'd need a cryptographic approach. Does anyone have experience with a
> > cross-platform solution (ASP/IIS/Win2K and PHP/apache/Linux)?
>
> Perhaps I'm making this too simple; but what exactly is the problem? You
> have a DB on a Win2k box with user authentication information and some
> scripts in IIS that use that to handle user logins, right? When you toss
> them over to the PHP/Linux system do it via SSL, encode the
> username/password in some GET or POST data, and let the PHP scripts
> authenticate them against the same Win2k database, then give them a
> session variable with their user credientials.
>
> This is of course assuming that you can get the PHP on Linux and your DB
> on Wkn2k talking, which might currently be prevented by a networking
> issue. If you can't fix the network look into mechanisms for replicating
> the data from the Win2k machine to the Linux machine on a nightly/hourly
> basis.
>
> Justin Buist
> Trident Technology, Inc.
> 4700 60th St. SW, Suite 102
> Grand Rapids, MI 49512
> Ph. 616.554.2700
> Fx. 616.554.3331
> Mo. 616.291.2612

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: Sheridan Saint-Michel: "Re: [PHP] Weird results from Left Shift"
• Previous message: Evan Nemerson: "Re: [PHP] Re: [PHP-DB] Cross site authentication"
• In reply to: Justin Buist: "[PHP] Re: [PHP-DB] Cross site authentication"
• Next in thread: Justin Buist: "Re: [PHP] Re: [PHP-DB] Cross site authentication"
• Reply: Justin Buist: "Re: [PHP] Re: [PHP-DB] Cross site authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs