If you need the data to be secure, you could probably just encrypt it with
mcrypt, if you want to make sure it wasn't forged, you want to have A sign
the data, then have B check it. If I were you, I would look at GNU Privacy
Guard. You can just use some backticks and you're set. If you have any
questions e-mail me... this sounds interesting.
On Wednesday 19 September 2001 07:36, you wrote:
> Rick Gardner wrote:
> > Would a solution like xml-rpc work?
> >
> > On Wednesday, September 19, 2001, at 09:43 AM, Bill Lubanovic wrote:
> > > Customers are authenticating through an IIS server against a database
> > > on Win2K. How do I securely pass this information to a separate
> > > PHP/apache/UNIX system? Since any parameters could be forged, it seems
> > > I'd need a cryptographic approach. Does anyone have experience with a
> > > cross-platform solution (ASP/IIS/Win2K and PHP/apache/Linux)?
> > >...
>
> XML-RPC or SOAP structure the data better than GET or POST, but they
> don't address the security issues. We can't send names, passwords, or
> ids, no matter how we wrap them. How can platform A tell platform B
> that it's authenticated someone? How can B trust A?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]