
SOAP: Handling Logins

I currently have a site with a large database of member information
(user, password, first name, last name, yada, yada). I'm looking to
create an API off which other sites can interface with my user
database -- obtain limited information, user interests, etc...

So let's assume a website has its own login form which authenticates
users against my database (all over SOAP). It sends a username and
password to my server; if the user / pass is valid, SOAP returns true
and the user is allowed to log in.

The problem is, this setup would allow the website to cache and store
the usernames and passwords thus duplicating my unique database and
opening up security vulnerabilities.

Is there an architecture that can be established to allow external
sites to build off my system and to allow users to authenticate
against my database without the possibility of storing the data?

Any ideas would be greatly appreciated!
Jul 17 '05 #1


In article <6e**************************@posting.google.com>, ensnare wrote:
> I currently have a site with a large database of member information
> (user, password, first name, last name, yada, yada). I'm looking to
> create an API off which other sites can interface with my user
> database -- obtain limited information, user interests, etc...
>
> So let's assume a website has its own login form which authenticates
> users against my database (all over SOAP). It sends a username and
> password to my server; if the user / pass is valid, SOAP returns true
> and the user is allowed to log in.
>
> The problem is, this setup would allow the website to cache and store
> the usernames and passwords thus duplicating my unique database and
> opening up security vulnerabilities.
>
> Is there an architecture that can be established to allow external
> sites to build off my system and to allow users to authenticate
> against my database without the possibility of storing the data?
>
> Any ideas would be greatly appreciated!

You might want to read this:
http://www-106.ibm.com/developerwork...wa-singlesign/

--
Tim Van Wassenhove <http://home.mysth.be/~timvw>
Jul 17 '05 #2
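
One architecture that meets the requirement in the question: the partner site redirects the user to the member-database site, the password is typed only there, and the partner receives a short-lived signed assertion instead of credentials. This is an added example, not code from the thread or from the linked article; the function names, token format, per-partner shared key and 60-second lifetime are all assumptions.

```python
import base64, hashlib, hmac, json, time

# Assumption: one secret per partner site, exchanged out of band (constructed value).
PARTNER_KEYS = {"partner.example": b"constructed-demo-key"}
MAX_AGE = 60  # seconds an assertion stays valid

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def _mac(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).digest()

def issue_assertion(partner, user_id, nonce, now=None):
    """Member-database site: call only after the user has logged in on this
    site's own form. `nonce` came from the partner in the redirect."""
    claims = {"aud": partner, "sub": user_id, "nonce": nonce,
              "iat": int(time.time() if now is None else now)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(_mac(PARTNER_KEYS[partner], body))

def verify_assertion(partner, key, token, expected_nonce, now=None):
    """Partner site: return the asserted user id, or None if rejected."""
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".")
        given = base64.urlsafe_b64decode(tag)
    except ValueError:  # wrong shape or bad base64
        return None
    if not hmac.compare_digest(_mac(key, body), given):
        return None  # forged or altered
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != partner:
        return None  # issued for a different site
    if not hmac.compare_digest(claims["nonce"], expected_nonce):
        return None  # replay, or not the login this session started
    if not 0 <= now - claims["iat"] <= MAX_AGE:
        return None  # stale
    return claims["sub"]
```

The partner learns only an opaque user id, so there is no username and password pair for it to cache; a shared HMAC key does let a partner mint assertions for its own site, which a public-key signature would prevent.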
