codingmasterRS Posted February 18, 2011 Share Posted February 18, 2011 Hi guys, quick question. Now I have a PHP project, now the best way to protect this project is to sell it bundled with managed hosting (by me). Now problem is I want to be able to offer LDAP authentication (starting to see my problem? ), anyway I thought if I had the purchaser place a PHP page (login form) on their website hosting which people would put details in and would authentication (through a local LDAP function) and then send the username etc via HTTPS to my site and then redirect (due to login) as necessary. Would this work? Could it work? Would it be secure? And would it allow login to my site and not allow forced login (that is not using the form etc). So many thanks in advance. Link to comment https://forums.phpfreaks.com/topic/228106-split-tiered-login-system/ Share on other sites More sharing options...
codingmasterRS Posted February 19, 2011 Author Share Posted February 19, 2011 someone must have an idea about this? Link to comment https://forums.phpfreaks.com/topic/228106-split-tiered-login-system/#findComment-1176587 Share on other sites More sharing options...
ale8oneboy Posted February 19, 2011 Share Posted February 19, 2011 I could see this working fine. I do something very similar internally on some of my projects. However I would recommend your remote login script to pass some kind of shared security token to your app. It may be a token that changed on a fairly regular bases to detour someone else from authenticating themselves with a known user. Another food for thought would be to restrict by IP which clients can send remote login info. Anyone else have any thoughts to add? Link to comment https://forums.phpfreaks.com/topic/228106-split-tiered-login-system/#findComment-1176607 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.