Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations MikeeOK on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Authentication in Windows as per Linux 2

Status
Not open for further replies.
ratnapokharel

ratnapokharel

Programmer
Dec 5, 2002
4
US
We have two servers, one linux and one windows. LInux is our main web server and has all the user authentication. Windows is oracle 9ias web server that has some php files
to diplay oracle dynamic data. Those php files are accessed by the same user in Linux.
Customers log in to linux and see thier index page that has links to 9ias php pages and they run the reports.

But if they copy the hyperlink and run it without logging into linux they can still access and run those php files because there is no authentication in windows.
So
1) we want customers not be able to run windows php files without linux authentication.
2)How to know in windows that somebody has already been authenticated in linux, are there any tokens that can be passed or checked?
 
Sort by date Sort by votes
I would consider a front-end back-end server configuration in which the back-end only accepts connections from the front-end. That would involve some system programming but is probably worthwhile.
I don't know much about the Windows side, but the front-end proxy with Linux and Apache should be fairly easy to be configured.
 
Upvote 0 Downvote
Set a cookie whe the user logs on, store the cookie value in the db...make it a random value string, so that even if they copy it, the program won't allow access. Write something like the pseudocode below, and include it in each report file...

Code: 
//on the oracle machine
$auth = $_COOKIE['authenticate'];

//run query to check value of cookie
//if match then allow user access
//if no match, redirect to the linux server

A better solution is to have all the php code on one webserver and use PHP to access the oracle db...then authentication is not a worry and sessions can be better utilized to make things work more smoothly

Bastien

Cat, the other other white meat
 
Upvote 0 Downvote
HI DRJ478, Thankx
Can you give some idea how to configure?I am fairly new in this configuration.

Otherwise I have to go with Cookie as mentioned by Bastien
.
 
Upvote 0 Downvote
our company does not want to cookies because many people disable it. So is there a better way??
Can somebody help?
 
Upvote 0 Downvote
I'll get back to you with more details about the proxy.
Let me know, what version of Apache are you using?
 
Upvote 0 Downvote
if no cookie attach a variable to the url, create the url on th efly with this element, and place it into the db, similar to the cookie...

<a href="/myreport.myserver.com?my_id=3154845218>Click for report</a>

expire the value after some pre-determined time has lapsed, half hour hour, whatever

Bastien

Cat, the other other white meat
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

W
  • Locked
  • Question
how to send checked row data in php
Replies
0
Views
513
wiltang2004
W
PeDa
  • Locked
  • Question
Basic Authentication fails to authenicate
Replies
0
Views
510
PeDa
PeDa
SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
887
SashaBuilder3
SashaBuilder3
rmak78
  • Locked
  • Helpful tip
LIMIT USERS ACCESS PER DAY BY IP
Replies
0
Views
397
rmak78
rmak78
EdLentz
  • Locked
  • Question
Partial link in email
Replies
1
Views
487
spamjim
spamjim

Part and Inventory Search

Sponsor

Back
Top