Cross domain security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
kendall
Forum Regular
Posts: 852
Joined: Tue Jul 30, 2002 10:21 am
Location: Trinidad, West Indies
Contact:

Cross domain security

Post by kendall »

Hello,

I have build a login system that allows access from one domain to another domain. A theory being planned is to use an iframe or frame set to host the page from the other domain and set a cookie that has both domains so that the cookie can be accessed.

I have usually used session variables rather than cookie based as it is much safer but i'm not sure what my approach is in this instance

please advise me

Kendall
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Someone correct me if I'm wrong, but I thought SOAP was the protocol of choice for cross site logins?
User avatar
kendall
Forum Regular
Posts: 852
Joined: Tue Jul 30, 2002 10:21 am
Location: Trinidad, West Indies
Contact:

Post by kendall »

neophyte wrote:Someone correct me if I'm wrong, but I thought SOAP was the protocol of choice for cross site logins?
Really?...uhm...isn't that some sort of XML thing? well i don't know SOAP but what you think of the scenario...personally im reluctant to undertake this project

Kendall
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

I've never had to do a multi-site single login before across servers but I think I've heard of it done with SOAP.
Post Reply