SSL would be useless. It has no facilities for authentication, which is what 
we need here. Basically, SSL encrypts communications between two computers -
it doesn't care which two and is therefore vulnerable to man-in-the-middle 
attacks.


On Wednesday 19 September 2001 08:22, you wrote:
> > Customers are authenticating through an IIS server against a database on
> > Win2K.  How do I securely pass this information to a separate
> > PHP/apache/UNIX system? Since any parameters could be forged, it seems
> > I'd need a cryptographic approach.  Does anyone have experience with a
> > cross-platform solution (ASP/IIS/Win2K and PHP/apache/Linux)?
>
> Perhaps I'm making this too simple; but what exactly is the problem?  You
> have a DB on a Win2k box with user authentication information and some
> scripts in IIS that use that to handle user logins, right?  When you toss
> them over to the PHP/Linux system do it via SSL, encode the
> username/password in some GET or POST data, and let the PHP scripts
> authenticate them against the same Win2k database, then give them a
> session variable with their user credentials.
>
> This is of course assuming that you can get the PHP on Linux and your DB
> on Win2k talking, which might currently be prevented by a networking
> issue.  If you can't fix the network look into mechanisms for replicating
> the data from the Win2k machine to the Linux machine on a nightly/hourly
> basis.
>
> Justin Buist
> Trident Technology, Inc.
> 4700 60th St. SW, Suite 102
> Grand Rapids, MI  49512
> Ph. 616.554.2700
> Fx. 616.554.3331
> Mo. 616.291.2612

-- 
PHP General Mailing List (http://www.php.net/)
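
The original question asks for a cryptographic way to hand an authenticated user from one server to another when request parameters can be forged. The following is an added example, not code from anyone in this thread: a short-lived HMAC-signed hand-off token checked on the PHP side. The function names, field layout, 60-second lifetime and shared key are assumptions; in the setup described, the ASP side would compute the same HMAC-SHA256 over the same payload.

```php
<?php
// Added example: HMAC-signed hand-off token. All names and values are assumptions.
const TOKEN_TTL = 60; // seconds a token stays valid (assumed lifetime)

// Issuer side, shown in PHP so the example runs stand-alone.
function issue_token(string $user, string $key, int $now): string
{
    $nonce   = bin2hex(random_bytes(8)); // one-time value to detect replays
    $payload = base64_encode(json_encode(['u' => $user, 't' => $now, 'n' => $nonce]));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Receiver side: returns the user name, or null if the token is
// malformed, forged, outside its lifetime, or already used.
function verify_token(string $token, string $key, int $now, array &$seen): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Constant-time comparison; fails if the payload was altered
    // or the token was not produced with the shared key.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($data) || !isset($data['u'], $data['t'], $data['n'])
        || !is_string($data['u']) || !is_int($data['t']) || !is_string($data['n'])) {
        return null;
    }
    if (abs($now - $data['t']) > TOKEN_TTL) {
        return null; // stale, or clocks too far apart
    }
    if (isset($seen[$data['n']])) {
        return null; // nonce already accepted once
    }
    $seen[$data['n']] = true; // a real deployment needs a store shared by all workers
    return $data['u'];
}

// Constructed demo values, not real credentials.
$key   = 'constructed-demo-key-not-for-production';
$seen  = [];
$now   = 1000000000;
$token = issue_token('alice', $key, $now);
var_dump(verify_token($token, $key, $now + 5, $seen)); // first presentation
var_dump(verify_token($token, $key, $now + 6, $seen)); // same token presented again
var_dump(verify_token(issue_token('admin', 'other-key', $now), $key, $now, $seen)); // wrong key
```

The token contains `+`, `/` and `=` from base64, so it must be URL-encoded if it travels in a GET parameter.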