[ILUG] server to server security and auth.
Padraig.Brady at compaq.com
Mon Sep 18 12:40:07 IST 2000
The following might be of use.
It's opensource, and used to create
encrypted tunnels between machines.
A quote from the page is:
"Of course, Zebedee is by no means the first, or
only secure tunnel program available. It does not
pretend to compete with the likes of ssh, SSL or
FreeS/WAN in terms of breadth of function but if
you want something quick, simple and completely
free then it may be the tool for you."
> -----Original Message-----
> From: Donncha O Caoimh [mailto:donncha.ocaoimh at tradesignals.com]
> Sent: 18 September 2000 10:07
> To: ILUG
> Has anyone done any work on communicating between servers using HTTP?
> I'm working on providing an API that developers can use to access
> various services on Tradesignals.com but has to be as secure as
> possible. SSL is a possibility but it's likely that our partners won't
> have SSL capable programs on their servers.
> Some ideas:
> Send username and password with every request. (Really bad I know!)
> Generate a one-time password/identifier using a known
> algorithm+time of
> day+password (a bit over the top! we'd have to implement solutions for
> our partners..)
> Remote server logs in to our server, receives a session ID which is
> valid for X hours and uses the session ID in any request for that
> Use the IP address of the remote server for auth.
> The idea here is that whatever system we use has to be as simple as
> 'Course, if I had my way, we'd use SSL or public key
> Comments & ideas welcome!
More information about the ILUG