Actually, I'm not necessarily committed to PHP for the solution.  JSP 
may be a viable solution.  Let me extend my description of the problem 
and maybe that will help narrow the options for a solution.

We have contracted with a third party to build and host our website (not 
my choice...a politically directed solution, and don't squawk at the 
complexities associated with such an idiotic decision). The website must 
control access to private data associated with an insurance company, its 
policy holder, agents, etc.  To control access to this data, we have 
determined that we will be the controllers of all reports and critical 
data; however, the hosting service will still have the front-end until a 
report is required.  At that time we will require that the session 
redirect to our secure server for data presentation.

However, the hosted website also has pages that need to be tailored 
based on the authentication of the user involved.  Since our server is 
the only one that knows who is authorized and what they can access, we 
need to be the controllers of the authentication services.  The 
complexity then involves getting the authorization credentials back to 
the hosting server so it can tailor landing pads based on the type of 
access (policy holders can see certain information, agents can see 
different info, etc.).  One of the credentials that we want to return is 
a secure session id that needs to be sent back to our server when 
reporting is requested (via a different page).  Our server will then 
control data access based on a lookup of the session id.

The intent of this effort is to control what is accessible on both 
servers with a single logon which is not controlled by the primary 
server.  What we don't want to do is push data to the primary server for 
authentication, because it will always be out of date with respect to 
the business and we have no confidence that security can be maintained 
by either the primary server or the hosting service.

Does this sound more like JSP than PHP?  Could the login be securely 
controlled by a Java applet rather than a scripting language, then 
turn over control to PHP from that point forward?
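
The session-id flow described in this message, sketched as an added example that is not part of the original post. Python stands in for the PHP or JSP under discussion; the class, function, role and report names, the in-memory store and the 15-minute lifetime are all assumptions.

```python
import secrets
import time

SESSION_TTL = 15 * 60  # seconds; assumed session lifetime

# Constructed policy: which role may open which report (names are hypothetical).
REPORT_ACL = {
    "policy_summary": {"policy_holder", "agent"},
    "agent_commissions": {"agent"},
}


class AuthServer:
    """Runs on the company's own server; the hosting service never sees this state."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # session_id -> (user, role, expires_at)

    def issue_session(self, user, role):
        """Call only after the user's logon has been verified on this server."""
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[session_id] = (user, role, self._clock() + SESSION_TTL)
        # Only these two values travel back to the hosting server.
        return {"session_id": session_id, "role": role}

    def authorize_report(self, session_id, report):
        """Decide access from the server-side lookup, never from a role the host sends."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None  # unknown or forged id
        user, role, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[session_id]  # expired: force a new logon
            return None
        if role not in REPORT_ACL.get(report, set()):
            return None  # role not allowed for this report
        return user


def landing_page_for(credentials):
    """Hosting-server side: tailors the page using only the returned role."""
    pages = {"policy_holder": "/holder/home", "agent": "/agent/home"}
    return pages.get(credentials["role"], "/login")
```

The hosting server holds nothing but an opaque id and a role label, so a tampered role changes only which landing page is shown; report access is still decided by the lookup on the company's server.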

