i'm reaching out drawing out solution , want make sure i'm doing securely , properly.
i'm using following resource, well: https://crackstation.net/hashing-security.htm
the task
- generate token (aka authentication code)
- embed token in jsp , send token via url get/post php server.*
- php server makes restful web service call jsp server. call passes token.
- jsp server receives token , uses authenticate user , returns requested data php server. continuation of same restful web service.
you can see here jsp server generate , decode token. question how securely generate token (aka authentication code)?
do need use kind of private key?
or, can apply salt includes, amongst other things, date , time, store salt , token in database?
thank help.
update
*i want flesh part out make more clear what's happening. user logged jsp web application. 1 of jsp pages introduces php web application user. on same jsp page, there link opens php page that's located on separate domain, separate server (obviously, it's php server). php page https login page php web application. however, instead of entering user name , password, idea use token authenticate.
i have direct control of jsp server, don't have direct control on php server. else controls it, can negotiate handshake process person.
with above said, how can securely pass token jsp php login page, since get/post apparently not secure?
Comments
Post a Comment