Access Server Intranet public

Tuesday 05 September 2006 8:01:45 am

Hi,
I have made a knowledge database with ezpublish for my partners and customers, it will be filled by intranet's user but my partners can make comments. I want to know in which server I must install it.

my first choice is to install ezpublish on our intranet server(freebsd) and synchronize(rsync) files from intranet to our public server (freebsd also) and do a Sql replication but in this case, my partners couldn't post comments as the SQL server(on the web public server) will be slave.

so my second choice is to install ezpublish on the web server and to make a link on our Intranet server but we don't want a double authentification as we have already to authentificate(LDAP) on the Intranet, we could send login and password by url but it's may be unsafe(even if it's encoded with a password_hash)

sorry for my poor english

Thursday 07 September 2006 7:31:09 am

You can create your own SSO module as an extension and
send the encrypted login data in combination with a timestamp
through the header.

Within your SSO extension you can compare the timestamp within the header with the current timestamp and check for a timeout of 30 second.

This would reduce the sucurity issues...

Mit freundlichen Grüßen
Best regards

Norman Leutner

____________________________________________________________
eZ Publish Platinum Partner - http://www.all2e.com
http://ez.no/partners/worldwide_partners/all2e_gmbh

Tuesday 12 September 2006 6:47:06 am

Thx for your very helpful advice for solving my problem,
the problem is our boss seem to prefer solution 1 as it would be less unsafe(articles posted are very confidential) even if it can trigger problems (it's an sql replication so external users can't logged in without modified database'tables)
Nevertheless, Im tryin' thinking about the SSO module
Im looking forward to hearing from your articles.