nadeemshafi9 Posted May 18, 2009 Share Posted May 18, 2009 hi guys i need to authenticate over a url i cant think of any crypt decript hash combo that would not make me look stupid as url's are easily referenced in the browser and teh user can just cut and paste even an encrypted pwd whats the solution for authenticating over a url ? thnaks guys Quote Link to comment Share on other sites More sharing options...
RussellReal Posted May 18, 2009 Share Posted May 18, 2009 just do base64 coz u can encode and decode or you could do some salted push algorithm Quote Link to comment Share on other sites More sharing options...
nadeemshafi9 Posted May 19, 2009 Author Share Posted May 19, 2009 but i dont understand if theyt see the base 64 encoded password cant they just get the url and teh base 64 pwd and re visit it ? Quote Link to comment Share on other sites More sharing options...
Masna Posted May 19, 2009 Share Posted May 19, 2009 What information are you trying to encrypt? Does it have to be passed through the URI? Quote Link to comment Share on other sites More sharing options...
jackpf Posted May 19, 2009 Share Posted May 19, 2009 You could use a session and pass the session ID through the URI. Quote Link to comment Share on other sites More sharing options...
nadeemshafi9 Posted May 19, 2009 Author Share Posted May 19, 2009 basicaly i have 2 servers that need to communicate sensitive data, the first server fopens and freads a web service on the other or basicaly a url to an mvc server2.getarray outputs a serialised representation of an array produced by serialize(ini_parse(myini)). server1.retrivedArray = unserialize(fopen fread http://server2/api/systeminifile/getarray) i would liketo authenticate myself when requesting data from http://server2/api/systeminifile/getarray i would like to do it throgh the url IF IT IS POSSIBLE i dont whant anyone to be able to go to http://server2/api/systeminifile/getarray and see the serialized data i was thinking that it may be used in ajax calls but actualy if its only used in PHP the user will never see the URL with teh password appended to it. So in fact it may be ok to just pass a password on teh url. Quote Link to comment Share on other sites More sharing options...
RussellReal Posted May 20, 2009 Share Posted May 20, 2009 Y use urls, why not just establish a socket connection between both servers and then just send data thru the socket Quote Link to comment Share on other sites More sharing options...
nadeemshafi9 Posted May 20, 2009 Author Share Posted May 20, 2009 Y use urls, why not just establish a socket connection between both servers and then just send data thru the socket hahaha if only it were that simple Quote Link to comment Share on other sites More sharing options...
RussellReal Posted May 21, 2009 Share Posted May 21, 2009 Why isn't it that simple? Quote Link to comment Share on other sites More sharing options...
nadeemshafi9 Posted May 21, 2009 Author Share Posted May 21, 2009 Why isn't it that simple? how simple is it ? you shoiw me, we have a socket connection running as a deamon that i work with in a infi loop but it uses a 3rd party class to open and close and transmit read, let me go check php.net and see teh code Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.