authentication - Cross Platform Login -


i working on application user authentication happens in coldfusion application (based on cfwheels), interactions file servers happen through node.js application. need make sure user logged in on cf application allowed access files in node server. thinking of setting cookie cftoken or node server can read , pass coldfusion asking "hey can token access file"

my problem wasn't sure if cftokens re-used eventually, , if should use instead?

if other people have other ways of doing sort of thing authentication needs reusable across multiple engines love hear strategies.

that sounds fine way it.

but, use cfcookie set cookie of own devising.

the 2 servers have share domain name, of course, able read same cookie. have set cookie domain cookie.

one clean way architect create whole cfc devoted security.

it have methods generating , validating login tokens.

your cf application use generate token, , have node.js application call via webservice using the

http://server.com/path/security.cfc?method=validatetoken&token=whatever

an more efficient way this, assuming have access same datastore, use same algorithm generate/decode (if needed) tokens in both systems, , let node.js app directly access datastore.

when needed this, stored "session" tokens in mongodb, , directly accessed datastore each application (cf, java, , rails). cf system responsible initial authentication. other 2 systems did no authentication, validated token, , if not found/invalid/etc, responded in appropriate way.


Comments

Post a Comment

Popular posts from this blog

apache - Add omitted ? to URLs -

i working on website cms reads page name of query string, e.g. http://exmaple.com/?pagename . trying create rewrite rule rewrite ? . so, user types in /pagename , taken /?pagename try this: rewriteengine on rewritecond %{request_filename} !-d rewritecond %{request_filename} !-f rewriterule ^/?(.*) index.php?$1 [l]
Read more

redirect - bbPress Forum - rewrite to wwww.mysite prohibits login -

i using bbpress installation without wordpress integration. the redirect of rewriteengine @ forum site works: rewriteengine on rewritecond %{http_host} ^forum.mysite.com$ rewriterule (.*)$ http://www.forum.mysite.com/$1 [r=301,l] the problem login pppress. bbpress login not recognize: http://www.forum.mysite/bb-login.php . it redirects to: http://forum.mysite.com/bb-login.php . i tried permalink settings none , name based, same issue. does uses redirect in bbpress or how can eliminate "double" content , redirect permanently www.? i redirected www.forum.mysite.com forum.mysite.com , achieved eliminate "double" content.
Read more

php - How can I stop spam on my custom forum/blog? -

so have custom built forum & blog system of late has been dealing lot of spam. if wordpress use akismet, if different common platform i'm sure i'd find plugin. there kind of static class can download this? using php. i'd still go akismet, if it. uses outside of wordpress, may have pay fee it, depending on use -- check terms , conditions -- it's option , easy implement in php using api. use api key wordpress. com account access. basically, grab whichever php client library takes fancy -- use alex potsides' php5 library -- plug in key, , it's handful of lines of code. here's bare bones of validation straight 1 of live sites: ... if ($akismet) { $akismet->setcommentauthor($name); $akismet->setcommentauthoremail($session->userinfo["email"]); $akismet->setcommentauthorurl(""); $akismet->setcommentcontent($sentence);...
Read more