Site A is an employee resource site with user authentication, database with employee info etc. Client hostedand managed.
Site B is a LMS and training site separate domain and webhost, developed and created by me.
Objective: User logs into Site A, clicks a link and it taken to Site B and autenticated. Database on Site B will contain only UserID and training progress data.
Authentication is done by Site A passing the UserID via POST, Site B compares to it's database as well as checks the HTTP referer to make sure the link is orginating from the proper location. The problem is, Some networks or systems don't seem to pass the referer.
I know this is a dated method, and not very secure. It doesn't need super-security, but something more than just passing a UserID in the Form Post. What would be a better soltuion for this providing reliaiblity and semi-security?
1
Reply
AdChoices