I am implementing kerberos in php. Here, a trusted authenticating server issues ticket for the purpose of authenticating client to other server. Thus there involves transferring of tickets and ids, etc among the three entities( auth server, client and other server). So now the question is what can be use to transfer data? For example, the client logs in on other sever. The auth server creates an encrypted ticket for client.Now this must be transferred to the client. similarly client needs to send this ticket to other server, so that other server can verify it. I have some options like cURL or javascript XHR. I'm not sure if they can be used in this situation. I seek someones guidance. Thank you.
Asked
Active
Viewed 152 times
1 Answers
0
I would go with cURL. If you use Javascript you are exposing URLs where you are going to process data, and this could make a possible security breach. Ofcourse, you must never trust user-input, but to me it's simple: Only use server-side
SativaNL
- 541
- 1
- 3
- 16