authentication - Can two different clients somehow share cookies? -

-

Set up here: I have a server-based application. Therefore, all the data is on the server (this is called server 'A') and users connect to that server using a desktop-based rich client. The rich client also gives the user the ability to connect to another server (this is called 'X'), which is completely unrelated to server A. Question: The user has logged into the 'X' client, and therefore the rich client has the right cookie to prove against the server X. Now, the user creates an invitation on server A, for which server A needs to go out and get some data from the server. Is it possible to deal in some way Server A was given to certify against Server X that Rich Client has already certified against Server X. Is there a way to share cookies (working as a second customer with Server A)? Or somehow the server has been returned to the authenticated request of a forwarded server X to the rich client and it resolves against the cookie in the rich customer. BTW, we use the HP Client of Apache.

I am not very knowledgeable about server interaction, but trying to see how easy / difficult or common / rare it is to do something like this, is it possible to do it in a safe way?

At a basic level, text data between all the HTTP communication clients and servers should be forwarded further. Therefore, if you extracted cookies from the server X response and passed them in server A's request, as long as the cookie data is removed and the cookies are considered to be included in a new request for server X You will succeed to get what you are asking for .

In short .. Cookies are just text data that passes back and forth among servers and customers, you can get that data and pass it wherever you like. . (Although you probably want to break a lot of security practices), though

However ... many server requests are becoming clever about the attacks of the net and the fact that remote host, client IP etc. Can cancel different requests or at least the alarm server X So before conducting any blanket about the feasibility of the strategy, test all the tests / platform / products on the platform well.


Comments

Post a Comment

Popular posts from this blog

c++ - Linux and clipboard -

-
After selecting the copies of the buffer in Linux, after the text, we can click and paste the button between the mouse. I think there is a special buffer for this, I want to use it. Programming Language: C ++ Your Library: Qt Thanks. There is just one more correct answer than Paul Dixon, which answers your needs: / P > QClipboard * clipboard = QApplication :: clipboard (); CastString Selected Text = Clipboard-> Text (QClipboard :: Selection);
Read more

What is expire header and how to achive them in ASP.NET and PHP? -

-
I have examined the performance statistics of my website today. I have received a warning (or error may occur) that is given below Add Terminal Headers Here are 15 static components without a 15-futures end date * (no end) Http://www.example.com/video/css/global.css * (no time limit) http://www.example.com/video/js/global.js * (no expiration ) Http: //www.example.com/video/images/main-bg.png what it means and how to achieve it both in PHP and ASP.Net. I am on a shared hosting server, so please tell me some ways to use the code, because I can not make any modifications at the end of the server. If I expire the header, then there is no chance that if I make changes to the CSS, then the user will not be able to remove them immediately because CSS and other files have a fixed time limit (1 month, week ) Are cached for. Is Is there any harm to using PHP? $ time = time () + 3 * 24 * 60 * 60; // 3 day headings ('End:'. GMDAT ('D, D MYH: i: s \ g \ m \ t',
Read more

sql server - How can I determine which of my SQL 2005 statistics are unused? -

-
After a few years, one of my biggest databases has deposited 73 figures out of its largest tables. With Indexes, I can run many types of reports and queries, how often / heavily specific indexes are used. What is an equivalent for data? We are running SQL 2005. To make statistics automatically managed and honest, I would like to "update statistics", "create statistics" and There is no information about any management except "drop statistics" orders. In theory, UPDATE should handle the addition and removal of statistical data. In addition, I've never heard about the amount of storage or storage taking in large amounts, so I'm not sure whether there is any reason for the alarm or not. If you are seeing a potential problem, then I would suggest running an update before, if it does not clean it, it is leaving and then it appears to be safe operation (because it is the only query optimizer Is for). I will not leave "left" in the
Read more