I need to build website on my webserver which has information securely
passed to it from a web site running on a client's webserver.
My client has a website that has a secure login process running under
SSL. When a user has succesfully logged into that website they will be
able to follow a link to my website. As part of this link I need an id
of the user to be passed to my website so I know who the user is, I do
NOT need the user's username or password. The ids of all users is
already known to both websites.
My site can run using SSL and the simplest solution is to pass the id
of the user as part of the query string, i.e. the link is an anchor
with a HREF such as WWW.ADYSITE.CO.UK?id=123456789', but I do not know
how secure this is. I could envrypt the querystring so it is not
reable but I am not sure if this is necessary if I am using SSL, this
would mean that both the client and I would need to share envyption
keys.
I would like to limit the the amount of work the client will have to do
at their end so I need the simplest solution possible.
Any advice as to possible solutions would be welcome.
Regards
Ady
