Advice on passwords..

Hi…

I need to make a link on a page on Domain A automatically pass a
username and password to a page (so that PHP can access them as
variables) on Domain B.

So, user surfing domain A (intranet) clicks on link and gets access to
page on Domain B (internet) without the password being visible to the
world at large.

The problem is the people at Domain A do not have PHP installed and I don’t
even know if they are a Windows or Unix machine…

Ideas on how to do this…?

Re: Advice on passwords…

Shena Delian O’Brien wrote:
> Ideas on how to do this…?

Idea:
Have the link point to a URL on Domain A, that script then stores the
user/pass to somewhere accessible from Domain B and then sends the user a
redirect to Domain B with a special unique code in it that can only be
used once to retrieve that user/pass. That script on Domain B then sets
the cookies or sessions and such and redirects the user to the page on
Domain B that the link was pointing to.

If no connection between Domain A and Domain B is possible to retrieve
the details, then some sort of time-dependent decoding of the variables
should be used that the server keeps track of and will only decode it once.

- Gilby
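
Gilby's first idea above, sketched from Domain B's side as an added example that is not part of the thread: a random code that maps to details held server-side, expires quickly and is deleted on first use. `HandoffStore`, its method names and the in-memory array (standing in for storage both sides can reach) are assumptions for illustration; the store keeps an account name here, in place of whatever Domain B needs to start the session.

```php
<?php
// Added example (not from the thread): one-time, expiring handoff codes.
// HandoffStore and its methods are hypothetical names. The array stands in
// for a database or cache that the issuing side and Domain B can both reach.

final class HandoffStore
{
    private array $pending = [];   // sha256(code) => ['user' => ..., 'expires' => ...]

    public function __construct(private int $ttlSeconds = 60) {}

    // Called by the trusted side that already knows who the user is.
    public function issue(string $user, int $now): string
    {
        $code = bin2hex(random_bytes(32));           // 256-bit unguessable code
        $this->pending[hash('sha256', $code)] = [    // keep only a hash of the code
            'user'    => $user,
            'expires' => $now + $this->ttlSeconds,
        ];
        return $code;                                // this is all the URL carries
    }

    // Called by the landing script on Domain B. Returns the user or null.
    public function redeem(string $code, int $now): ?string
    {
        $key = hash('sha256', $code);
        if (!isset($this->pending[$key])) {
            return null;                             // never issued, or already used
        }
        $entry = $this->pending[$key];
        unset($this->pending[$key]);                 // burn the code before any other check
        return $now <= $entry['expires'] ? $entry['user'] : null;
    }
}

// Constructed walk-through with a fixed clock instead of time().
$store = new HandoffStore(60);
$t0    = 1000000;
$code  = $store->issue('intranet-user', $t0);

var_dump($store->redeem($code, $t0 + 5));    // first use inside the window
var_dump($store->redeem($code, $t0 + 6));    // replay of the same code
$late = $store->issue('intranet-user', $t0);
var_dump($store->redeem($late, $t0 + 61));   // presented after expiry
var_dump($store->redeem('guessed', $t0));    // code that was never issued
```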

Re: Advice on passwords…

Domain A is completely unable to do any scripting except JavaScript.

Gilby wrote:
> Shena Delian O’Brien wrote:
>
>> Ideas on how to do this…?
>
>
> Idea:
> Have the link point to a URL on Domain A, that script then stores the
> user/pass to somewhere accessible from Domain B and then sends the user a
> redirect to Domain B with a special unique code in it that can only be
> used once to retrieve that user/pass. That script on Domain B then sets
> the cookies or sessions and such and redirects the user to the page on
> Domain B that the link was pointing to.
>
> If no connection between Domain A and Domain B is possible to retrieve
> the details, then some sort of time-dependent decoding of the variables
> should be used that the server keeps track of and will only decode it once.
>
> - Gilby
>

Re: Advice on passwords…

Does it have to be a link? You could have a form with only a Submit
button and some hidden fields containing USER/PASS, and then POST the
whole thing to your PHP on domain B.

Shena Delian O’Brien wrote:
> Domain A is completely unable to do any scripting except JavaScript.
>
> Gilby wrote:
>
>> Shena Delian O’Brien wrote:
>>
>>> Ideas on how to do this…?
>>
>>
>>
>> Idea:
>> Have the link point to a URL on Domain A, that script then stores the
>> user/pass to somewhere accessible from Domain B and then sends the user
>> a redirect to Domain B with a special unique code in it that can only
>> be used once to retrieve that user/pass. That script on Domain B then
>> sets the cookies or sessions and such and redirects the user to the
>> page on Domain B that the link was pointing to.
>>
>> If no connection between Domain A and Domain B is possible to retrieve
>> the details, then some sort of time-dependent decoding of the
>> variables should be used that the server keeps track of and will only
>> decode it once.
>>
>> - Gilby
>>
>

Re: Advice on passwords…

I was thinking of that but wouldn’t the hidden fields actually be
visible if the user did a view source?

ted wrote:
> Does it have to be a link? You could have a form with only a Submit
> button and some hidden fields containing USER/PASS, and then POST the
> whole thing to your PHP on domain B.
>
> Shena Delian O’Brien wrote:
>
>> Domain A is completely unable to do any scripting except JavaScript.
>>
>> Gilby wrote:
>>
>>> Shena Delian O’Brien wrote:
>>>
>>>> Ideas on how to do this…?
>>>
>>>
>>>
>>>
>>> Idea:
>>> Have the link point to a URL on Domain A, that script then stores the
>>> user/pass to somewhere accessible from Domain B and then sends the
>>> user a redirect to Domain B with a special unique code in it that can
>>> only be used once to retrieve that user/pass. That script on Domain B
>>> then sets the cookies or sessions and such and redirects the user to
>>> the page on Domain B that the link was pointing to.
>>>
>>> If no connection between Domain A and Domain B is possible to
>>> retrieve the details, then some sort of time-dependent decoding of
>>> the variables should be used that the server keeps track of and will
>>> only decode it once.
>>>
>>> - Gilby
>>>
>>
>

Re: Advice on passwords…

Yes. You could use a JavaScript thing to sort of hide the information,
but that’s not really perfect.

Shena Delian O’Brien wrote:
> I was thinking of that but wouldn’t the hidden fields actually be
> visible if the user did a view source?
>

Re: Advice on passwords…

Shena Delian O’Brien wrote:
> Domain A is completely unable to do any scripting except JavaScript.

How does domain A know the username and password?

- Gilby

Re: Advice on passwords…

Gilby wrote:
> Shena Delian O’Brien wrote:
>
>> Domain A is completely unable to do any scripting except JavaScript.
>
>
> How does domain A know the username and password?
>
> - Gilby
>

I give it to them…

Re: Advice on passwords…

Shena Delian O’Brien wrote:
>> How does domain A know the username and password?
>>
>> - Gilby
>>
>
> I give it to them…

And how is it kept track of? In cookies?

- Gilby