[ILUG] server to server security and auth.
Donncha O Caoimh
donncha.ocaoimh at tradesignals.com
Mon Sep 18 10:10:46 IST 2000
Has anyone done any work on communicating between servers using HTTP?
I'm working on providing an API that developers can use to access
various services on Tradesignals.com but has to be as secure as
possible. SSL is a possibility but it's likely that our partners won't
have SSL capable programs on their servers.
Send username and password with every request. (Really bad I know!)
Generate a one-time password/identifier using a known algorithm+time of
day+password (a bit over the top! we'd have to implement solutions for
Remote server logs in to our server, receives a session ID which is
valid for X hours and uses the session ID in any request for that
Use the IP address of the remote server for auth.
The idea here is that whatever system we use has to be as simple as
'Course, if I had my way, we'd use SSL or public key
Comments & ideas welcome!
More information about the ILUG