What Are Security Problems With Piggybacking Authentication Off Another Site (basic Auth)?
I have a WSS installation that's behind basic authentication/SSL (it's hosted at a public web host). I'm creating a sister site in ASP.NET, and am considering just running the credentials through and allowing users to log into the new system providing there is no 401 Not Authorized error returned.
Both are internet-facing applications that will be used by about 20-50 people.
What am I missing? I've never heard of this recommended before, but I don't see why it wouldn't work.
I can't see any major problems with that - you'll obviously want to make sure both servers are using SSL if you've got to send that over the Internet, but other then that it sounds like an elegant way to share credentials between applications.
- → Keeping uploaded files secure but still available via https
- → Can Cookies be securely sent from one machine to another to access a resource
- → how to build form_ajax() function with data-request-validate attribute
- → How to allow api access to android or ios app only(laravel)?
- → uploading docx via OctoberCms media manager
- → Firebase simple blog (confused with security rules)
- → Lumen HTTP Basic Authentication without use of database
- → OctoberCMS Media Finder. Invalid Security Token
- → Licensing system for client side code web application
- → Content security policy. webcomponent. script src DataURI .Can I override HTTP HEADER by META tag?
- → Laravel 5.1 - Display images stored in Storage folder
- → Laravel Ratchet socket Auth