Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 203
  • Last Modified:

Association between website

Hi,

I need to link from mysite to another website when a user is logged in, I'm wondering what the best way of doing this would be.

One thought that comes to mind would be to hold a identical SALT on both servers and pass as MD5 hash between via a link with a url, passing the user name too.

So somthing like:

$userid = "tom"
define('SALT','654gf4t5g6GTDY');
$hash = md5(SALT.$userid);

then on other end

define('SALT','654gf4t5g6GTDY');

if md5(SALT.$passedid) == $passedhash){
echo "link ok";
}

Open in new window


Is this the best way of doing it.

Darren
0
darren-w-
Asked:
darren-w-
  • 3
  • 2
1 Solution
 
Ray PaseurCommented:
This kind of cross-site authentication makes some sense to me.  You might want to put it behind HTTPS just in case.
0
 
darren-w-Author Commented:
Thanks Ray, assuming the user will be logged in via https on my side, would the link to the external page need to be via https?
0
 
Ray PaseurCommented:
Yes, it could.  HTTPS is not required, it's just a good security precaution if you're going to be transferring any sensitive data between the sites.

The general design pattern might be a site-to-site handshake like the one illustrated here, adding your md5() string into the mix.
<?php // RAY_REST_get_last_name.php
error_reporting(E_ALL);



// DEMONSTRATE HOW A RESTFUL WEB SERVICE WORKS
// INPUT FIRST NAME, OUTPUT FAMILY NAME
// CALLING EXAMPLE:
// file_get_contents('http://laprbass.com/RAY_REST_get_last_name.php?key=ABC&resp=XML&name=Ray');



// OUR DATA MODEL CONTAINS ALL THE ANSWERS - THIS COULD BE A DATA BASE - AS SIMPLE OR COMPLEX AS NEEDED
$dataModel
= array
( 'Brian'   => 'Portlock'
, 'Ray'     => 'Paseur'
, 'Richard' => 'Quadling'
, 'Dave'    => 'Baldwin'
)
;


// RESPONSE CAN BE PLAIN TEXT OR XML FORMAT
$alpha = NULL;
$omega = NULL;
if ( (isset($_GET["resp"])) && ($_GET["resp"] == 'XML') )
{
    // PREPARE THE XML WRAPPER
    $alpha = '<response>';
    $omega = '</response>';
}



// TEST THE 'API KEY' - THIS COULD BE A DATA BASE VALIDATION LOOKUP - AS SIMPLE OR COMPLEX AS NEEDED
$key = (!empty($_GET["key"])) ? $_GET["key"] : FALSE;
if ($key !== 'ABC')
{
    echo $alpha . 'BOGUS API KEY' . $omega;
    die();
}



// LOOK UP THE FAMILY NAME
$name = (!empty($_GET["name"])) ? $_GET["name"] : 'UNKNOWN';

// IF THE NAME FROM THE URL IS FOUND IN THE DATA MODEL
if (array_key_exists($name, $dataModel))
{
    // RETURNS THE APPROPRIATE FAMILY NAME FROM THE DATA MODEL
    echo $alpha . $dataModel[$name] . $omega;
    die();
}

// RETURNS THE UNKNOWN NAME INDICATOR
else
{
    echo $alpha . 'UNKNOWN' . $omega;
    die();
}

Open in new window

0
 
darren-w-Author Commented:
Great thanks Ray
0
 
Ray PaseurCommented:
Thanks for the points - it's a great question. ~Ray
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now