Sechan, Gabe wrote:
> I'm setting up a wiki for a system that has an existing corporate
> login system. We want it to be integrated with this system, rather
> than relying on an external one. Especially I don't want it to set
> any type of cookie to check user id, as this may weaken the security
> of the existing system. Basically anywhere it figures out the user id,
> I'd like to pull that and rely on my code to figure out what user it
> is (I will still have a user table in the db, it will map external
> user ids to wiki ids). Can anyone point me out to what files would
> need to be changed? I'm guessing User.php, but what file actually
> does the logon sequence?

So, basically, you want to rewrite PHP's sessioning system?

You have to remember that login and authentication is only half the
battle. The other is sessions (because HTTP is stateless). The most
common way of doing this is cookies.

Cookies are not shared with other sites, unless they have JavaScript
running under the current one (see the cross-site scripting issues). So
a properly configured cookie assignment should not be sent to anything
other than the wiki.

In order for us to assist you, you will have to give us (some) details
as to how this "login system" works (i.e., how do web apps know who the
user is). (If it uses LDAP, already been done.)

HTTP authentication has been discussed but I am not aware of any actual
implementations.

-- Jamie
-------------------------------------------------------------------
http://endeavour.zapto.org/astro73/
Thank you to JosephM for inviting me to Gmail!
Have lots of invites. Gmail now has 2GB.
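
Added example, not part of the original message: the reply's point about cookie scope, shown as the RFC 6265 domain, path and Secure matching a browser applies before attaching a cookie to a request. The host names, cookie name and paths are constructed placeholders, and the matcher is reduced to those three rules.

```javascript
// Added example: which requests a browser would attach a cookie to
// (RFC 6265 domain-match, path-match and the Secure flag only).
// All hosts and cookie values below are constructed for illustration.

function domainMatch(host, cookie) {
  host = host.toLowerCase();
  const domain = cookie.domain.toLowerCase().replace(/^\./, "");
  // hostOnly: the cookie was set without a Domain attribute, so only
  // the exact host that set it ever receives it.
  if (cookie.hostOnly) return host === domain;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return host === domain || (!isIp && host.endsWith("." + domain));
}

function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // "/wiki" must match "/wiki/Main_Page" but not "/wikifarm/x".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

function wouldSend(cookie, url) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== "https:") return false;
  return domainMatch(u.hostname, cookie) && pathMatch(u.pathname, cookie.path);
}

// Tightly scoped: host-only, limited to the wiki path, HTTPS only.
const scoped = { name: "wiki_session", domain: "wiki.corp.example",
                 hostOnly: true, path: "/wiki", secure: true };
// Loosely scoped: Domain covers every sibling host, any path, any scheme.
const broad = { name: "wiki_session", domain: "corp.example",
                hostOnly: false, path: "/", secure: false };

const requests = [
  "https://wiki.corp.example/wiki/Main_Page",
  "https://wiki.corp.example/wikifarm/x",
  "http://wiki.corp.example/wiki/Main_Page",
  "https://login.corp.example/",
];

function report() {
  return requests.map((url) => ({
    url, scoped: wouldSend(scoped, url), broad: wouldSend(broad, url),
  }));
}

console.table(report());
```

The scoped cookie reaches only the wiki's own HTTPS pages; the broad one is also sent to the sibling login host, which is the configuration to avoid when the wiki sits next to an existing login system.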