|
|
Posted by shimmyshack on 06/30/07 11:53
On Jun 30, 12:38 pm, shimmyshack <matt.fa...@gmail.com> wrote:
> On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>
>
>
> > Ben Sehara wrote:
> > > "shimmyshack" <matt.fa...@gmail.com> wrote in message
> > >news:1183047662.340289.205790@m36g2000hse.googlegroups.com...
> > >> On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> > >>> Ben Sehara wrote:
> > >>>> Is there any way I can limit the access to my website? I have a site
> > >>>> "A" and
> > >>>> I want to allow access to it only from site "B" login user.
> > >>>> If someone try to access site "A" directory, I want it redirected to
> > >>>> site
> > >>>> "B" for login. After login at site "B", you see the link to site"A".
> > >>>> When
> > >>>> you click it, you see login page for site "A".
> > >>>> Is it possible?
> > >>>> Thanks.
> > >>>> Ben
> > >>> Ben,
>
> > >>> Not easily. The problem here is if you set a cookie on Site B, it won't
> > >>> be sent to site A.
> > >> Was it you that asked this the other day, it is a solveable problem,
> > >> what capabilities do both servers have, do they have php, does only
> > >> one, which one, does one/both have a database, session support?
>
> > > No, I don't think it's me. This is the first time to post regarding this
> > > topic.
> > > Site "A" has ASP and site"A", my site, has PHP. Both have database and
> > > session support.
>
> > > Can I use RSS to accomplish this? It just came up in my mind.
>
> > > Ben
>
> > P.S. Please don't top post.
>
> > --
> > ==================
> > Remove the "x" from my email address
> > Jerry Stuckle
> > JDS Computer Training Corp.
> > jstuck...@attglobal.net
> > ==================
>
> so let me get this straight,
> if someone tried to access a directory of A (not the whole of site A,
> just a page) and were not logged on at siteB, then they are redirected
> there, then on successful login they are redirected back to site A, to
> the page they were on, and now site A asks them to log on as well.
> user goes to A, site A checks whether it lets the user through, if not
> there it makes the ACTION of the form point to an iframe in the page
> and to a script on siteB, and uses RSA for the form, with B's public
> key in javascript, as well as a ID from siteA which is set in siteA's
> cookie, user logs in, this form is encrypted and posted to siteB, site
> B decrypts using it's private key, accepts if user gets it right and
> makes a cURL session to a script on siteA, sending it the ID, which A
> stores in database, id->"redirect=no" then it sends back javascript,
> parent.location.reload(), to force the page on siteA to reload, now
> site A checks whether user with this session needs to be refreshed,
> and id is ok, sent from B, so A prints the login form for A with
> ACTION pointing to a script on A, or just shows A's data.
you might find it worth readings this article about encryption of
submission (in a wordpress comment form ):
http://www.zirona.com/software/contact-form-encryption-wordpress/
Navigation:
[Reply to this message]
|