One-way authentication between sites (PHP / Apache)

I have a website that offers reference information for users of a much larger application. Until recently, both my help site and the main application were behind a corporate firewall. Now that the main application has been moved outside the firewall, I will also have to move my help site.

My only security requirement is that users accessing my help site are only allowed to enter if they clicked the Help link in the main application. (Obviously, the company does not want them to enter their credentials again.) I do not need to exchange information between sites.

I looked at $_SERVER['HTTP_REFERER'] (not protected), OAuth and OpenID (which seem redundant). I am wondering if the answer is one-way SSL authentication (the main application has a certificate), but I am a little lost here.

So the question is, what is the easiest way to do this, and what will it look like in terms of Apache and PHP?

Thanks so much for any advice!

+3
2 answers

help . , - , , . , - , . , . , IP- URL- , , , IP-. :

  • , : http://help.yoursite.com/?token=<id>&client=md5(<client ip>)
  • , help.yoursite.com.
  • help.yoursite.com , md5(<client ip>) URL-. , , , , .
  • help.yoursite.com - , , ip.
  • yoursite.com , "" "", , , , help.yoursite.com .
  • help.yoursite.com , .

, , , . help.yoursite . , oauth, , . - , , .

+1

, . - ( ), . , " + ", , / URL-.

M =
H =
K = , ( )

A: + :

XMIT: ( - ) + () K. K URL- ( POST, K ).

RCV: H , hash K, . H (, , , ?) ( , ).

REQ: , - - 10- . , ( , , ).

SECURITY: , , -, ( M), . n- , (a) , (b), (c), . .

. H K, , M H (- - )

B: /:

XMIT: M K , H. M K ( ) GET POST H.

RCV: H , , .

REQ: . . M, H ( , [ cron] )

: K , , - , -, H.

, - , "" , AJAX (17 ?)

0

Source: https://habr.com/ru/post/1789245/

