Is there any way I can limit the access to my website? I have a site "A" and
I want to allow access to it only from site "B" login user.
If someone try to access site "A" directory, I want it redirected to site
"B" for login. After login at site "B", you see the link to site"A". When
you click it, you see login page for site "A".
Is it possible?
Thanks.
Ben
16  2471 
$_SERVER['HTTP_REFERER']
On Jun 28, 3:02 pm, "Ben Sehara" <seh...@hotmail.comwrote:
Is there any way I can limit the access to my website? I have a site "A" and
I want to allow access to it only from site "B" login user.
If someone try to access site "A" directory, I want it redirected to site
"B" for login. After login at site "B", you see the link to site"A". When
you click it, you see login page for site "A".
Is it possible?
Thanks.
Ben
..oO(lnsoso)
>$_SERVER['HTTP_REFERER']
Not really.
Micha
Ben Sehara wrote:
Is there any way I can limit the access to my website? I have a site "A" and
I want to allow access to it only from site "B" login user.
If someone try to access site "A" directory, I want it redirected to site
"B" for login. After login at site "B", you see the link to site"A". When
you click it, you see login page for site "A".
Is it possible?
Thanks.
Ben
Ben,
Not easily. The problem here is if you set a cookie on Site B, it won't
be sent to site A.
If they are on the same server (or otherwise have access to the same
database), you could enter a row in the database with a long, random key
(i.e. a MD5 hash) and pass that value in the GET or POST request. If
it's in the database, then allow them access. If not, redirect them
back. Of course, you would have to clean up the info occasionally.
There are other ways, but they would be along the same lines.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
Ben Sehara wrote:
Is there any way I can limit the access to my website? I have a site "A" and
I want to allow access to it only from site "B" login user.
If someone try to access site "A" directory, I want it redirected to site
"B" for login. After login at site "B", you see the link to site"A". When
you click it, you see login page for site "A".
Is it possible?
Thanks.
Ben
Ben,
Not easily. The problem here is if you set a cookie on Site B, it won't
be sent to site A.
Was it you that asked this the other day, it is a solveable problem,
what capabilities do both servers have, do they have php, does only
one, which one, does one/both have a database, session support?
No, I don't think it's me. This is the first time to post regarding this
topic.
Site "A" has ASP and site"A", my site, has PHP. Both have database and
session support.
Can I use RSS to accomplish this? It just came up in my mind.
Ben
"shimmyshack" <ma********@gmail.comwrote in message
news:11**********************@m36g2000hse.googlegr oups.com...
On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>Ben Sehara wrote:
Is there any way I can limit the access to my website? I have a site
"A" and
I want to allow access to it only from site "B" login user.
If someone try to access site "A" directory, I want it redirected to
site
"B" for login. After login at site "B", you see the link to site"A".
When
you click it, you see login page for site "A".
Is it possible?
Thanks.
Ben
Ben,
Not easily. The problem here is if you set a cookie on Site B, it won't
be sent to site A.
Was it you that asked this the other day, it is a solveable problem,
what capabilities do both servers have, do they have php, does only
one, which one, does one/both have a database, session support?
Ben Sehara wrote:
"shimmyshack" <ma********@gmail.comwrote in message
news:11**********************@m36g2000hse.googlegr oups.com...
>On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>>Ben Sehara wrote:
Is there any way I can limit the access to my website? I have a site
"A" and
I want to allow access to it only from site "B" login user.
If someone try to access site "A" directory, I want it redirected to
site
"B" for login. After login at site "B", you see the link to site"A".
When
you click it, you see login page for site "A".
Is it possible?
Thanks.
Ben
Ben,
Not easily. The problem here is if you set a cookie on Site B, it won't
be sent to site A.
Was it you that asked this the other day, it is a solveable problem,
what capabilities do both servers have, do they have php, does only
one, which one, does one/both have a database, session support?
No, I don't think it's me. This is the first time to post regarding this
topic.
Site "A" has ASP and site"A", my site, has PHP. Both have database and
session support.
Can I use RSS to accomplish this? It just came up in my mind.
Ben
(Top posting fixed)
Nope. RSS is generally not real-time. More often than not, RSS feeds
run from a cron job every so often.
Also, you can't share ASP sessions with PHP sessions. But if they can
access the same database (not two different databases!) you can pass
info through the database and either GET or POST values.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
Ben Sehara wrote:
"shimmyshack" <ma********@gmail.comwrote in message
news:11**********************@m36g2000hse.googlegr oups.com...
>On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>>Ben Sehara wrote:
Is there any way I can limit the access to my website? I have a site
"A" and
I want to allow access to it only from site "B" login user.
If someone try to access site "A" directory, I want it redirected to
site
"B" for login. After login at site "B", you see the link to site"A".
When
you click it, you see login page for site "A".
Is it possible?
Thanks.
Ben
Ben,
Not easily. The problem here is if you set a cookie on Site B, it won't
be sent to site A.
Was it you that asked this the other day, it is a solveable problem,
what capabilities do both servers have, do they have php, does only
one, which one, does one/both have a database, session support?
No, I don't think it's me. This is the first time to post regarding this
topic.
Site "A" has ASP and site"A", my site, has PHP. Both have database and
session support.
Can I use RSS to accomplish this? It just came up in my mind.
Ben
P.S. Please don't top post.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.netwrote:
Ben Sehara wrote:
"shimmyshack" <matt.fa...@gmail.comwrote in message
news:11**********************@m36g2000hse.googlegr oups.com...
On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
Ben Sehara wrote:
Is there any way I can limit the access to my website? I have a site
"A" and
I want to allow access to it only from site "B" login user.
If someone try to access site "A" directory, I want it redirected to
site
"B" for login. After login at site "B", you see the link to site"A".
When
you click it, you see login page for site "A".
Is it possible?
Thanks.
Ben
Ben,
>Not easily. The problem here is if you set a cookie on Site B, it won't
be sent to site A.
Was it you that asked this the other day, it is a solveable problem,
what capabilities do both servers have, do they have php, does only
one, which one, does one/both have a database, session support?
No, I don't think it's me. This is the first time to post regarding this
topic.
Site "A" has ASP and site"A", my site, has PHP. Both have database and
session support.
>
Can I use RSS to accomplish this? It just came up in my mind.
>
Ben
>
>
P.S. Please don't top post.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
so let me get this straight,
if someone tried to access a directory of A (not the whole of site A,
just a page) and were not logged on at siteB, then they are redirected
there, then on successful login they are redirected back to site A, to
the page they were on, and now site A asks them to log on as well.
user goes to A, site A checks whether it lets the user through, if not
there it makes the ACTION of the form point to an iframe in the page
and to a script on siteB, and uses RSA for the form, with B's public
key in javascript, as well as a ID from siteA which is set in siteA's
cookie, user logs in, this form is encrypted and posted to siteB, site
B decrypts using it's private key, accepts if user gets it right and
makes a cURL session to a script on siteA, sending it the ID, which A
stores in database, id->"redirect=no" then it sends back javascript,
parent.location.reload(), to force the page on siteA to reload, now
site A checks whether user with this session needs to be refreshed,
and id is ok, sent from B, so A prints the login form for A with
ACTION pointing to a script on A, or just shows A's data.
On Jun 30, 12:38 pm, shimmyshack <matt.fa...@gmail.comwrote:
On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.netwrote:
Ben Sehara wrote:
"shimmyshack" <matt.fa...@gmail.comwrote in message
>news:11**********************@m36g2000hse.googleg roups.com...
>On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>>Ben Sehara wrote:
>>>Is there any way I can limit the access to my website? I have a site
>>>"A" and
>>>I want to allow access to it only from site "B" login user.
>>>If someone try to access site "A" directory, I want it redirected to
>>>site
>>>"B" for login. After login at site "B", you see the link to site"A".
>>>When
>>>you click it, you see login page for site "A".
>>>Is it possible?
>>>Thanks.
>>>Ben
>>Ben,
>>Not easily. The problem here is if you set a cookie on Site B, it won't
>>be sent to site A.
>Was it you that asked this the other day, it is a solveable problem,
>what capabilities do both servers have, do they have php, does only
>one, which one, does one/both have a database, session support?
No, I don't think it's me. This is the first time to post regarding this
topic.
Site "A" has ASP and site"A", my site, has PHP. Both have database and
session support.
Can I use RSS to accomplish this? It just came up in my mind.
Ben
P.S. Please don't top post.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
so let me get this straight,
if someone tried to access a directory of A (not the whole of site A,
just a page) and were not logged on at siteB, then they are redirected
there, then on successful login they are redirected back to site A, to
the page they were on, and now site A asks them to log on as well.
user goes to A, site A checks whether it lets the user through, if not
there it makes the ACTION of the form point to an iframe in the page
and to a script on siteB, and uses RSA for the form, with B's public
key in javascript, as well as a ID from siteA which is set in siteA's
cookie, user logs in, this form is encrypted and posted to siteB, site
B decrypts using it's private key, accepts if user gets it right and
makes a cURL session to a script on siteA, sending it the ID, which A
stores in database, id->"redirect=no" then it sends back javascript,
parent.location.reload(), to force the page on siteA to reload, now
site A checks whether user with this session needs to be refreshed,
and id is ok, sent from B, so A prints the login form for A with
ACTION pointing to a script on A, or just shows A's data.
you might find it worth readings this article about encryption of
submission (in a wordpress comment form ): http://www.zirona.com/software/conta...ion-wordpress/
shimmyshack wrote:
On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.netwrote:
>Ben Sehara wrote:
>>"shimmyshack" <matt.fa...@gmail.comwrote in message
news:11**********************@m36g2000hse.google groups.com...
On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
Ben Sehara wrote:
>Is there any way I can limit the access to my website? I have a site
>"A" and
>I want to allow access to it only from site "B" login user.
>If someone try to access site "A" directory, I want it redirected to
>site
>"B" for login. After login at site "B", you see the link to site"A".
>When
>you click it, you see login page for site "A".
>Is it possible?
>Thanks.
>Ben
Ben,
Not easily. The problem here is if you set a cookie on Site B, it won't
be sent to site A.
Was it you that asked this the other day, it is a solveable problem,
what capabilities do both servers have, do they have php, does only
one, which one, does one/both have a database, session support?
No, I don't think it's me. This is the first time to post regarding this
topic.
Site "A" has ASP and site"A", my site, has PHP. Both have database and
session support.
Can I use RSS to accomplish this? It just came up in my mind.
Ben
P.S. Please don't top post.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
so let me get this straight,
if someone tried to access a directory of A (not the whole of site A,
just a page) and were not logged on at siteB, then they are redirected
there, then on successful login they are redirected back to site A, to
the page they were on, and now site A asks them to log on as well.
user goes to A, site A checks whether it lets the user through, if not
there it makes the ACTION of the form point to an iframe in the page
and to a script on siteB, and uses RSA for the form, with B's public
key in javascript, as well as a ID from siteA which is set in siteA's
cookie, user logs in, this form is encrypted and posted to siteB, site
B decrypts using it's private key, accepts if user gets it right and
makes a cURL session to a script on siteA, sending it the ID, which A
stores in database, id->"redirect=no" then it sends back javascript,
parent.location.reload(), to force the page on siteA to reload, now
site A checks whether user with this session needs to be refreshed,
and id is ok, sent from B, so A prints the login form for A with
ACTION pointing to a script on A, or just shows A's data.
Who said anything about all this crap?
From what I understand what the user wants, if someone is signed into
site A, they can access anything on Site B.
I suspect the entire idea is to not have to sign into both sites.
If they try to access a page at Site B but don't have the authority,
they are redirected to Site A for sign in. Once signing in, they can
access the page on Site B.
As for the rest - what a complicated way of handling things.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Jun 30, 2:23 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
shimmyshack wrote:
On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.netwrote:
Ben Sehara wrote:
"shimmyshack" <matt.fa...@gmail.comwrote in message
news:11**********************@m36g2000hse.google groups.com...
On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
Ben Sehara wrote:
Is there any way I can limit the access to my website? I have a site
"A" and
I want to allow access to it only from site "B" login user.
If someone try to access site "A" directory, I want it redirected to
site
"B" for login. After login at site "B", you see the link to site"A".
When
you click it, you see login page for site "A".
Is it possible?
Thanks.
Ben
Ben,
Not easily. The problem here is if you set a cookie on Site B, it won't
be sent to site A.
Was it you that asked this the other day, it is a solveable problem,
what capabilities do both servers have, do they have php, does only
one, which one, does one/both have a database, session support?
No, I don't think it's me. This is the first time to post regarding this
topic.
Site "A" has ASP and site"A", my site, has PHP. Both have database and
session support.
Can I use RSS to accomplish this? It just came up in my mind.
Ben
P.S. Please don't top post.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
so let me get this straight,
if someone tried to access a directory of A (not the whole of site A,
just a page) and were not logged on at siteB, then they are redirected
there, then on successful login they are redirected back to site A, to
the page they were on, and now site A asks them to log on as well.
user goes to A, site A checks whether it lets the user through, if not
there it makes the ACTION of the form point to an iframe in the page
and to a script on siteB, and uses RSA for the form, with B's public
key in javascript, as well as a ID from siteA which is set in siteA's
cookie, user logs in, this form is encrypted and posted to siteB, site
B decrypts using it's private key, accepts if user gets it right and
makes a cURL session to a script on siteA, sending it the ID, which A
stores in database, id->"redirect=no" then it sends back javascript,
parent.location.reload(), to force the page on siteA to reload, now
site A checks whether user with this session needs to be refreshed,
and id is ok, sent from B, so A prints the login form for A with
ACTION pointing to a script on A, or just shows A's data.
Who said anything about all this crap?
From what I understand what the user wants, if someone is signed into
site A, they can access anything on Site B.
thats not what the OP said
I suspect the entire idea is to not have to sign into both sites.
clarification was needed (its why I asked)since thats not what the OP
said
>
If they try to access a page at Site B but don't have the authority,
they are redirected to Site A for sign in. Once signing in, they can
access the page on Site B.
If someone try to access site "A" directory, I want it redirected to
site
"B" for login. After login at site "B", you see the link to site"A".
When
you click it, you see login page for site "A".
it reminds me of stealing credentials - using xss, dont know whats on
the OPs mind really,
it can be done without encryption, sure - I was having fun, lets see
what the users problem actually is
>
As for the rest - what a complicated way of handling things.
--
hardly! just form, some js, and a couple of scripts! not quantum
physics this stuff!
overcomplicated sure, this isnt a hard problem, but whats wrong with
having a little fun, just a quick server-server connection, together
with sessions, but the method used above will work whatever the user
wants
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
shimmyshack wrote:
On Jun 30, 2:23 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>shimmyshack wrote:
>>On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.netwrote:
Ben Sehara wrote:
"shimmyshack" <matt.fa...@gmail.comwrote in message
news:11**********************@m36g2000hse.goog legroups.com...
>On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>>Ben Sehara wrote:
>>>Is there any way I can limit the access to my website? I have a site
>>>"A" and
>>>I want to allow access to it only from site "B" login user.
>>>If someone try to access site "A" directory, I want it redirected to
>>>site
>>>"B" for login. After login at site "B", you see the link to site"A".
>>>When
>>>you click it, you see login page for site "A".
>>>Is it possible?
>>>Thanks.
>>>Ben
>>Ben,
>>Not easily. The problem here is if you set a cookie on Site B, it won't
>>be sent to site A.
>Was it you that asked this the other day, it is a solveable problem,
>what capabilities do both servers have, do they have php, does only
>one, which one, does one/both have a database, session support?
No, I don't think it's me. This is the first time to post regarding this
topic.
Site "A" has ASP and site"A", my site, has PHP. Both have database and
session support.
Can I use RSS to accomplish this? It just came up in my mind.
Ben
P.S. Please don't top post.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
so let me get this straight,
if someone tried to access a directory of A (not the whole of site A,
just a page) and were not logged on at siteB, then they are redirected
there, then on successful login they are redirected back to site A, to
the page they were on, and now site A asks them to log on as well.
user goes to A, site A checks whether it lets the user through, if not
there it makes the ACTION of the form point to an iframe in the page
and to a script on siteB, and uses RSA for the form, with B's public
key in javascript, as well as a ID from siteA which is set in siteA's
cookie, user logs in, this form is encrypted and posted to siteB, site
B decrypts using it's private key, accepts if user gets it right and
makes a cURL session to a script on siteA, sending it the ID, which A
stores in database, id->"redirect=no" then it sends back javascript,
parent.location.reload(), to force the page on siteA to reload, now
site A checks whether user with this session needs to be refreshed,
and id is ok, sent from B, so A prints the login form for A with
ACTION pointing to a script on A, or just shows A's data.
Who said anything about all this crap?
From what I understand what the user wants, if someone is signed into
site A, they can access anything on Site B.
thats not what the OP said
>I suspect the entire idea is to not have to sign into both sites.
clarification was needed (its why I asked)since thats not what the OP
said
>If they try to access a page at Site B but don't have the authority,
they are redirected to Site A for sign in. Once signing in, they can
access the page on Site B.
If someone try to access site "A" directory, I want it redirected to
site
"B" for login. After login at site "B", you see the link to site"A".
When
you click it, you see login page for site "A".
it reminds me of stealing credentials - using xss, dont know whats on
the OPs mind really,
it can be done without encryption, sure - I was having fun, lets see
what the users problem actually is
>As for the rest - what a complicated way of handling things.
--
hardly! just form, some js, and a couple of scripts! not quantum
physics this stuff!
overcomplicated sure, this isnt a hard problem, but whats wrong with
having a little fun, just a quick server-server connection, together
with sessions, but the method used above will work whatever the user
wants
>==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
And among other things, requires JS.
But yes, I consider it quite complicated - lots of things which can go
wrong!
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Jun 30, 11:44 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
shimmyshack wrote:
On Jun 30, 2:23 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
shimmyshack wrote:
On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.netwrote:
Ben Sehara wrote:
"shimmyshack" <matt.fa...@gmail.comwrote in message
news:11**********************@m36g2000hse.goog legroups.com...
On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>Ben Sehara wrote:
>>Is there any way I can limit the access to my website? I have a site
>>"A" and
>>I want to allow access to it only from site "B" login user.
>>If someone try to access site "A" directory, I want it redirected to
>>site
>>"B" for login. After login at site "B", you see the link to site"A".
>>When
>>you click it, you see login page for site "A".
>>Is it possible?
>>Thanks.
>>Ben
>Ben,
>Not easily. The problem here is if you set a cookie on Site B, it won't
>be sent to site A.
Was it you that asked this the other day, it is a solveable problem,
what capabilities do both servers have, do they have php, does only
one, which one, does one/both have a database, session support?
No, I don't think it's me. This is the first time to post regarding this
topic.
Site "A" has ASP and site"A", my site, has PHP. Both have database and
session support.
Can I use RSS to accomplish this? It just came up in my mind.
Ben
P.S. Please don't top post.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
so let me get this straight,
if someone tried to access a directory of A (not the whole of site A,
just a page) and were not logged on at siteB, then they are redirected
there, then on successful login they are redirected back to site A, to
the page they were on, and now site A asks them to log on as well.
user goes to A, site A checks whether it lets the user through, if not
there it makes the ACTION of the form point to an iframe in the page
and to a script on siteB, and uses RSA for the form, with B's public
key in javascript, as well as a ID from siteA which is set in siteA's
cookie, user logs in, this form is encrypted and posted to siteB, site
B decrypts using it's private key, accepts if user gets it right and
makes a cURL session to a script on siteA, sending it the ID, which A
stores in database, id->"redirect=no" then it sends back javascript,
parent.location.reload(), to force the page on siteA to reload, now
site A checks whether user with this session needs to be refreshed,
and id is ok, sent from B, so A prints the login form for A with
ACTION pointing to a script on A, or just shows A's data.
Who said anything about all this crap?
From what I understand what the user wants, if someone is signed into
site A, they can access anything on Site B.
thats not what the OP said
I suspect the entire idea is to not have to sign into both sites.
clarification was needed (its why I asked)since thats not what the OP
said
If they try to access a page at Site B but don't have the authority,
they are redirected to Site A for sign in. Once signing in, they can
access the page on Site B.
If someone try to access site "A" directory, I want it redirected to
site
"B" for login. After login at site "B", you see the link to site"A".
When
you click it, you see login page for site "A".
it reminds me of stealing credentials - using xss, dont know whats on
the OPs mind really,
it can be done without encryption, sure - I was having fun, lets see
what the users problem actually is
As for the rest - what a complicated way of handling things.
--
hardly! just form, some js, and a couple of scripts! not quantum
physics this stuff!
overcomplicated sure, this isnt a hard problem, but whats wrong with
having a little fun, just a quick server-server connection, together
with sessions, but the method used above will work whatever the user
wants
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
And among other things, requires JS.
But yes, I consider it quite complicated - lots of things which can go
wrong!
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
session stuff is standard and trusted, db the same, form posting the
same, as for requiring js, thats just to keep things secure, dont /
have/ to. The only extra step over and above any other method is the
rsa, standard implementation once again, reliable and fast, the
problems as usual would be on the wire, which we are all used coding
for.
shimmyshack wrote:
On Jun 30, 11:44 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>shimmyshack wrote:
>>On Jun 30, 2:23 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
shimmyshack wrote:
On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.netwrote:
>Ben Sehara wrote:
>>"shimmyshack" <matt.fa...@gmail.comwrote in message
>>news:11**********************@m36g2000hse.go oglegroups.com...
>>>On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>>>>Ben Sehara wrote:
>>>>>Is there any way I can limit the access to my website? I have a site
>>>>>"A" and
>>>>>I want to allow access to it only from site "B" login user.
>>>>>If someone try to access site "A" directory, I want it redirected to
>>>>>site
>>>>>"B" for login. After login at site "B", you see the link to site"A".
>>>>>When
>>>>>you click it, you see login page for site "A".
>>>>>Is it possible?
>>>>>Thanks.
>>>>>Ben
>>>>Ben,
>>>>Not easily. The problem here is if you set a cookie on Site B, it won't
>>>>be sent to site A.
>>>Was it you that asked this the other day, it is a solveable problem,
>>>what capabilities do both servers have, do they have php, does only
>>>one, which one, does one/both have a database, session support?
> No, I don't think it's me. This is the first time to post regarding this
> topic.
> Site "A" has ASP and site"A", my site, has PHP. Both have database and
> session support.
> Can I use RSS to accomplish this? It just came up in my mind.
> Ben
>P.S. Please don't top post.
>--
>==================
>Remove the "x" from my email address
>Jerry Stuckle
>JDS Computer Training Corp.
>jstuck...@attglobal.net
>==================
so let me get this straight,
if someone tried to access a directory of A (not the whole of site A,
just a page) and were not logged on at siteB, then they are redirected
there, then on successful login they are redirected back to site A, to
the page they were on, and now site A asks them to log on as well.
user goes to A, site A checks whether it lets the user through, if not
there it makes the ACTION of the form point to an iframe in the page
and to a script on siteB, and uses RSA for the form, with B's public
key in javascript, as well as a ID from siteA which is set in siteA's
cookie, user logs in, this form is encrypted and posted to siteB, site
B decrypts using it's private key, accepts if user gets it right and
makes a cURL session to a script on siteA, sending it the ID, which A
stores in database, id->"redirect=no" then it sends back javascript,
parent.location.reload(), to force the page on siteA to reload, now
site A checks whether user with this session needs to be refreshed,
and id is ok, sent from B, so A prints the login form for A with
ACTION pointing to a script on A, or just shows A's data.
Who said anything about all this crap?
From what I understand what the user wants, if someone is signed into
site A, they can access anything on Site B.
thats not what the OP said
I suspect the entire idea is to not have to sign into both sites.
clarification was needed (its why I asked)since thats not what the OP
said
If they try to access a page at Site B but don't have the authority,
they are redirected to Site A for sign in. Once signing in, they can
access the page on Site B.
If someone try to access site "A" directory, I want it redirected to
site
"B" for login. After login at site "B", you see the link to site"A".
When
you click it, you see login page for site "A".
it reminds me of stealing credentials - using xss, dont know whats on
the OPs mind really,
it can be done without encryption, sure - I was having fun, lets see
what the users problem actually is
As for the rest - what a complicated way of handling things.
--
hardly! just form, some js, and a couple of scripts! not quantum
physics this stuff!
overcomplicated sure, this isnt a hard problem, but whats wrong with
having a little fun, just a quick server-server connection, together
with sessions, but the method used above will work whatever the user
wants
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
And among other things, requires JS.
But yes, I consider it quite complicated - lots of things which can go
wrong!
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
session stuff is standard and trusted, db the same, form posting the
same, as for requiring js, thats just to keep things secure, dont /
have/ to. The only extra step over and above any other method is the
rsa, standard implementation once again, reliable and fast, the
problems as usual would be on the wire, which we are all used coding
for.
Still needlessly complicated. Won't work for the estimated 10-15% that
have JS disabled, and all kinds of possibilities for other
communications between the two systems to fail.
A kludge just waiting to break. Much easier would be for the two to
have a shared database.
Alternatively, a one-time hash can be used - for instance, take a number
which increments every time, or the current date and a sequential
number. Embed the number in a predefined string and take the MD5 hash
of the resulting string. On the receiving end, validate the hash (same
algorithm) and start the session. Each has can only be used once.
Or any of a number of ways much simpler than yours.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
as previously stated, js isnt required, i was just having fun, and as
for it being a kludge, as you put it, I have being using js rsa for
ages, it's just a standard implementation - maths - works everytime,
but of course you need js! just as crypto on php works everytime but
you need php!
as for there being any number of alernative ways...(?)... the core of
my way is server-to-server com - what you will have to do at some
point, and a form. how is my way more complicated? oh yeah optional
js!
On Jul 1, 3:32 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
shimmyshack wrote:
On Jun 30, 11:44 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
shimmyshack wrote:
On Jun 30, 2:23 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
shimmyshack wrote:
On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.netwrote:
Ben Sehara wrote:
>"shimmyshack" <matt.fa...@gmail.comwrote in message
>>news:11**********************@m36g2000hse.go oglegroups.com...
>>On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>>>Ben Sehara wrote:
>>>>Is there any way I can limit the access to my website? I have a site
>>>>"A" and
>>>>I want to allow access to it only from site "B" login user.
>>>>If someone try to access site "A" directory, I want it redirected to
>>>>site
>>>>"B" for login. After login at site "B", you see the link to site"A".
>>>>When
>>>>you click it, you see login page for site "A".
>>>>Is it possible?
>>>>Thanks.
>>>>Ben
>>>Ben,
>>>Not easily. The problem here is if you set a cookie on Site B, it won't
>>>be sent to site A.
>>Was it you that asked this the other day, it is a solveable problem,
>>what capabilities do both servers have, do they have php, does only
>>one, which one, does one/both have a database, session support?
No, I don't think it's me. This is the first time to post regarding this
topic.
Site "A" has ASP and site"A", my site, has PHP. Both have database and
session support.
Can I use RSS to accomplish this? It just came up in my mind.
Ben
P.S. Please don't top post.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
so let me get this straight,
if someone tried to access a directory of A (not the whole of site A,
just a page) and were not logged on at siteB, then they are redirected
there, then on successful login they are redirected back to site A, to
the page they were on, and now site A asks them to log on as well.
user goes to A, site A checks whether it lets the user through, if not
there it makes the ACTION of the form point to an iframe in the page
and to a script on siteB, and uses RSA for the form, with B's public
key in javascript, as well as a ID from siteA which is set in siteA's
cookie, user logs in, this form is encrypted and posted to siteB, site
B decrypts using it's private key, accepts if user gets it right and
makes a cURL session to a script on siteA, sending it the ID, which A
stores in database, id->"redirect=no" then it sends back javascript,
parent.location.reload(), to force the page on siteA to reload, now
site A checks whether user with this session needs to be refreshed,
and id is ok, sent from B, so A prints the login form for A with
ACTION pointing to a script on A, or just shows A's data.
Who said anything about all this crap?
From what I understand what the user wants, if someone is signed into
site A, they can access anything on Site B.
thats not what the OP said
I suspect the entire idea is to not have to sign into both sites.
clarification was needed (its why I asked)since thats not what the OP
said
If they try to access a page at Site B but don't have the authority,
they are redirected to Site A for sign in. Once signing in, they can
access the page on Site B.
If someone try to access site "A" directory, I want it redirected to
site
"B" for login. After login at site "B", you see the link to site"A".
When
you click it, you see login page for site "A".
it reminds me of stealing credentials - using xss, dont know whats on
the OPs mind really,
it can be done without encryption, sure - I was having fun, lets see
what the users problem actually is
As for the rest - what a complicated way of handling things.
--
hardly! just form, some js, and a couple of scripts! not quantum
physics this stuff!
overcomplicated sure, this isnt a hard problem, but whats wrong with
having a little fun, just a quick server-server connection, together
with sessions, but the method used above will work whatever the user
wants
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
And among other things, requires JS.
But yes, I consider it quite complicated - lots of things which can go
wrong!
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
session stuff is standard and trusted, db the same, form posting the
same, as for requiring js, thats just to keep things secure, dont /
have/ to. The only extra step over and above any other method is the
rsa, standard implementation once again, reliable and fast, the
problems as usual would be on the wire, which we are all used coding
for.
Still needlessly complicated. Won't work for the estimated 10-15% that
have JS disabled, and all kinds of possibilities for other
communications between the two systems to fail.
A kludge just waiting to break. Much easier would be for the two to
have a shared database.
Alternatively, a one-time hash can be used - for instance, take a number
which increments every time, or the current date and a sequential
number. Embed the number in a predefined string and take the MD5 hash
of the resulting string. On the receiving end, validate the hash (same
algorithm) and start the session. Each has can only be used once.
Or any of a number of ways much simpler than yours.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
shimmyshack wrote:
On Jul 1, 3:32 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>shimmyshack wrote:
>>On Jun 30, 11:44 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
shimmyshack wrote:
On Jun 30, 2:23 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>shimmyshack wrote:
>>On Jun 30, 2:49 am, Jerry Stuckle <jstuck...@attglobal.netwrote:
>>>Ben Sehara wrote:
>>>>"shimmyshack" <matt.fa...@gmail.comwrote in message
>>>>news:11**********************@m36g2000hse. googlegroups.com...
>>>>>On Jun 28, 2:49 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>>>>>>Ben Sehara wrote:
>>>>>>>Is there any way I can limit the access to my website? I have a site
>>>>>>>"A" and
>>>>>>>I want to allow access to it only from site "B" login user.
>>>>>>>If someone try to access site "A" directory, I want it redirected to
>>>>>>>site
>>>>>>>"B" for login. After login at site "B", you see the link to site"A".
>>>>>>>When
>>>>>>>you click it, you see login page for site "A".
>>>>>>>Is it possible?
>>>>>>>Thanks.
>>>>>>>Ben
>>>>>>Ben,
>>>>>>Not easily. The problem here is if you set a cookie on Site B, it won't
>>>>>>be sent to site A.
>>>>>Was it you that asked this the other day, it is a solveable problem,
>>>>>what capabilities do both servers have, do they have php, does only
>>>>>one, which one, does one/both have a database, session support?
>>> No, I don't think it's me. This is the first time to post regarding this
>>> topic.
>>> Site "A" has ASP and site"A", my site, has PHP. Both have database and
>>> session support.
>>> Can I use RSS to accomplish this? It just came up in my mind.
>>> Ben
>>>P.S. Please don't top post.
>>>--
>>>==================
>>>Remove the "x" from my email address
>>>Jerry Stuckle
>>>JDS Computer Training Corp.
>>>jstuck...@attglobal.net
>>>==================
>>so let me get this straight,
>>if someone tried to access a directory of A (not the whole of site A,
>>just a page) and were not logged on at siteB, then they are redirected
>>there, then on successful login they are redirected back to site A, to
>>the page they were on, and now site A asks them to log on as well.
>>user goes to A, site A checks whether it lets the user through, if not
>>there it makes the ACTION of the form point to an iframe in the page
>>and to a script on siteB, and uses RSA for the form, with B's public
>>key in javascript, as well as a ID from siteA which is set in siteA's
>>cookie, user logs in, this form is encrypted and posted to siteB, site
>>B decrypts using it's private key, accepts if user gets it right and
>>makes a cURL session to a script on siteA, sending it the ID, which A
>>stores in database, id->"redirect=no" then it sends back javascript,
>>parent.location.reload(), to force the page on siteA to reload, now
>>site A checks whether user with this session needs to be refreshed,
>>and id is ok, sent from B, so A prints the login form for A with
>>ACTION pointing to a script on A, or just shows A's data.
>Who said anything about all this crap?
> From what I understand what the user wants, if someone is signed into
>site A, they can access anything on Site B.
thats not what the OP said
>I suspect the entire idea is to not have to sign into both sites.
clarification was needed (its why I asked)since thats not what the OP
said
>If they try to access a page at Site B but don't have the authority,
>they are redirected to Site A for sign in. Once signing in, they can
>access the page on Site B.
If someone try to access site "A" directory, I want it redirected to
site
"B" for login. After login at site "B", you see the link to site"A".
When
you click it, you see login page for site "A".
it reminds me of stealing credentials - using xss, dont know whats on
the OPs mind really,
it can be done without encryption, sure - I was having fun, lets see
what the users problem actually is
>As for the rest - what a complicated way of handling things.
>--
hardly! just form, some js, and a couple of scripts! not quantum
physics this stuff!
overcomplicated sure, this isnt a hard problem, but whats wrong with
having a little fun, just a quick server-server connection, together
with sessions, but the method used above will work whatever the user
wants
>==================
>Remove the "x" from my email address
>Jerry Stuckle
>JDS Computer Training Corp.
>jstuck...@attglobal.net
>==================
And among other things, requires JS.
But yes, I consider it quite complicated - lots of things which can go
wrong!
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
session stuff is standard and trusted, db the same, form posting the
same, as for requiring js, thats just to keep things secure, dont /
have/ to. The only extra step over and above any other method is the
rsa, standard implementation once again, reliable and fast, the
problems as usual would be on the wire, which we are all used coding
for.
Still needlessly complicated. Won't work for the estimated 10-15% that
have JS disabled, and all kinds of possibilities for other
communications between the two systems to fail.
A kludge just waiting to break. Much easier would be for the two to
have a shared database.
Alternatively, a one-time hash can be used - for instance, take a number
which increments every time, or the current date and a sequential
number. Embed the number in a predefined string and take the MD5 hash
of the resulting string. On the receiving end, validate the hash (same
algorithm) and start the session. Each has can only be used once.
Or any of a number of ways much simpler than yours.
as previously stated, js isnt required, i was just having fun, and as
for it being a kludge, as you put it, I have being using js rsa for
ages, it's just a standard implementation - maths - works everytime,
but of course you need js! just as crypto on php works everytime but
you need php!
as for there being any number of alernative ways...(?)... the core of
my way is server-to-server com - what you will have to do at some
point, and a form. how is my way more complicated? oh yeah optional
js!
(Top posting fixed)
Which is it - do you need js or don't you? As for whether you need it
or not - you have control over the server and PHP implementation. You
have *no* control over the client and what they have installed.
So you can always guarantee crypt() and other php function work - but
you can never guarantee anything related to js works.
As I said - yours takes a lot of programming and is needlessly
complicated. There are many simpler ways, of which I indicated two.
And please don't top post.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
================== This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Fran Tirimo |
last post by:
I am developing a small website using ASP scripts to format data retrieved
from an Access database. It will run on a Windows 2003 server supporting
FrontPage extensions 2002 hosted by the company...
|
by: Brian Loesgen |
last post by:
The next San Diego .Net User Group meeting is Tuesday, November 25,
2003 at the Scripps Ranch Library.
Scripps Ranch Library
10301 Scripps Lake Drive
San Diego, CA 92131-1026
Please join us...
|
by: Dave |
last post by:
Hi,
I have found some code on the Microsoft knowledge base that 'should' allow
me to send emails and attachments
However the code tries to use Outlook and i want it to use outlook Express
...
|
by: cmrchs |
last post by:
Hi,
I can't make <allow roles...> to work in web.config
I'm logging on as 'Administrator' and try to access a site for which the IIS-authentication method is set to 'Integrated Windows' only
...
|
by: cmrchs |
last post by:
Hi,
I can't make <allow roles...> to work in web.config
I'm logging on as 'Administrator' and try to access a site for which the IIS-authentication method is set to 'Integrated Windows' only
...
|
by: matt |
last post by:
I get this error: Error: uncaught exception: Permission denied to call
method XMLHttpRequest.open
I think I need to sign my script, but not sure if what I want to do
will even work.
So let me...
|
by: Douglas J. Badin |
last post by:
Hi,
The problem with Authorization is it stops at the first match and doesn't
permit Grouping.
On the Web Site, I am trying to Secure Page Access and SiteNaviagation by
implementing the...
|
by: Sid |
last post by:
I hope somebody could help me with this.
I have a access database which includes some forms, queries and
tables. Once I upload it on to the office network, I was hoping if I
could set up...
|
by: CindySue |
last post by:
I'm using a subform linked to the main form by a bidder number field. In the subform, I added a group header and put the field LS in it so that it would list all records designated as Live first...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |
