Posted by Robin on 08/04/06 08:38
Taylor wrote:
> Hmmm, I think we're all on different pages, but I think Colin came
> closest to what I'm getting at. I think I found a solution:
>
> This sub-site (like I've said, it can share no special links with the
> other site like VPN, database, common server, etc...) is designed to be
> invoked from many different "host" sites, as a sort of "service" built
> into other websites. The sub-site is hosted on an entirely different
> platform, and must be invoked by get/post, unless there is some other
> clever idea.
>
> My solution is to have a secret key for each "host" site that uses my
> sub-site service. When the host site authenticates a user, the host
> site invokes the sub-site with a query string of an md5 hash of the
> concatenation of the secret key and the user's username, along with an
> unencrypted version of the username (so I know who's authenticated).
> The sub site then checks to make sure the md5 hash matches what is
> expected.
>
> What do you think?
>
I've done something like this in the past with a similar solution.
Host:
Authenticates user (normal db way) then when user wants to go to
sub-site the link is via a submitted form with a hidden field containing:
urlencode(rc4($rc4key,randomjunk().'|CODE|'.randomjunk().'|'.$username.'|'.gmdate('U')))
Sub-site:
validate page (linked to from Host) can then:
list($junk1,$codeword,$junk2,$username,$time)=explode('|',rc4($rc4key,urldecode($_POST['data'])))
then check $codeword=='CODE' (checks right rc4key was used)
and check $time within 60 secs (prevents replay attacks after a minute)
where rc4() is an RC4 (de)encryption function (doh!),
$rc4key is a big shared key, and
randomjunk() produces a random length string of random characters
(excluding '|')
Someone with more cryptography knowledge can now say which is the most
secure solution (or point out some major flaw in our processes).
Robin
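
Added example, not part of Robin's or Taylor's posts: the same hand-off (username plus timestamp, per-host shared key, 60-second window) with HMAC-SHA256 swapped in for the md5 concatenation and RC4 discussed above, a constant-time comparison, and a nonce cache for replays inside the window. The function names, the nonce store and the demo values are assumptions made for illustration.

```php
<?php
// Added example; all function and variable names are hypothetical.
// Swapped-in technique: HMAC-SHA256 over host id, username, timestamp and nonce.
const MAX_AGE = 60; // seconds, the freshness window used in the post above

// Host side: call after the host site has authenticated $username.
function make_token(string $hostId, string $username, string $key, ?int $now = null): string {
    $now = $now ?? time();
    // rawurlencode() turns '|' into %7C, so a field can never contain the separator
    $payload = implode('|', [rawurlencode($hostId), rawurlencode($username), $now, bin2hex(random_bytes(16))]);
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Sub-site side: returns the authenticated username, or null if rejected.
// $seenNonces stands in for a shared store whose entries expire after MAX_AGE.
function verify_token(string $token, array $keysByHost, array &$seenNonces, ?int $now = null): ?string {
    $now = $now ?? time();
    $parts = explode('|', $token);
    if (count($parts) !== 5) return null;
    [$h, $u, $ts, $nonce, $mac] = $parts;
    $hostId = rawurldecode($h);
    if (!isset($keysByHost[$hostId])) return null;           // unknown host site
    $expected = hash_hmac('sha256', "$h|$u|$ts|$nonce", $keysByHost[$hostId]);
    if (!hash_equals($expected, $mac)) return null;          // constant-time compare
    if (!ctype_digit($ts) || abs($now - (int)$ts) > MAX_AGE) return null; // stale
    if (isset($seenNonces[$nonce])) return null;             // replayed within window
    $seenNonces[$nonce] = (int)$ts;
    return rawurldecode($u);
}

// Constructed demo values, not taken from the thread.
$keys = ['host-a' => 'constructed-demo-key'];
$seen = [];
$token = make_token('host-a', 'alice', $keys['host-a'], 1000);
var_dump(verify_token($token, $keys, $seen, 1030));                 // fresh token
var_dump(verify_token($token, $keys, $seen, 1031));                 // same token again
var_dump(verify_token(str_replace('alice', 'admin', $token), $keys, $seen, 1030)); // edited username
$old = make_token('host-a', 'alice', $keys['host-a'], 1000);
var_dump(verify_token($old, $keys, $seen, 1100));                   // older than MAX_AGE
```

The token can travel in the hidden form field or query string as in the thread; the username stays readable and only its integrity and freshness are protected.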