codingmasterRS Posted February 18, 2011 Share Posted February 18, 2011 Hi guys, quick question. Now I have a PHP project, now the best way to protect this project is to sell it bundled with managed hosting (by me). Now problem is I want to be able to offer LDAP authentication (starting to see my problem? ), anyway I thought if I had the purchaser place a PHP page (login form) on their website hosting which people would put details in and would authentication (through a local LDAP function) and then send the username etc via HTTPS to my site and then redirect (due to login) as necessary. Would this work? Could it work? Would it be secure? And would it allow login to my site and not allow forced login (that is not using the form etc). So many thanks in advance. Quote Link to comment https://forums.phpfreaks.com/topic/228106-split-tiered-login-system/ Share on other sites More sharing options...
codingmasterRS Posted February 19, 2011 Author Share Posted February 19, 2011 someone must have an idea about this? Quote Link to comment https://forums.phpfreaks.com/topic/228106-split-tiered-login-system/#findComment-1176587 Share on other sites More sharing options...
ale8oneboy Posted February 19, 2011 Share Posted February 19, 2011 I could see this working fine. I do something very similar internally on some of my projects. However I would recommend your remote login script to pass some kind of shared security token to your app. It may be a token that changed on a fairly regular bases to detour someone else from authenticating themselves with a known user. Another food for thought would be to restrict by IP which clients can send remote login info. Anyone else have any thoughts to add? Quote Link to comment https://forums.phpfreaks.com/topic/228106-split-tiered-login-system/#findComment-1176607 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.