I currently have a site with a large database of member information
(user,password, first name, last name, yada, yada). I'm looking to
create an API off which other sites can interface with my user
database -- obtain limited information, user interests, etc...
So let's assume a website has its own login form which authenticates
users against my database (all over SOAP). It sends a username and
password to my server; if the user / pass is valid, soap returns true
and the user is allowed to login.
The problem is, this setup would allow the website to cache and store
the usernames and passwords thus duplicating my unique database and
opening up security vulnerabilities .
Is there an architecture that can be established to allow external
sites to build off my system and to allow users to authenticate
against my database without the possiblity of storing the data?
Any ideas would be greatly appreciated!
(user,password, first name, last name, yada, yada). I'm looking to
create an API off which other sites can interface with my user
database -- obtain limited information, user interests, etc...
So let's assume a website has its own login form which authenticates
users against my database (all over SOAP). It sends a username and
password to my server; if the user / pass is valid, soap returns true
and the user is allowed to login.
The problem is, this setup would allow the website to cache and store
the usernames and passwords thus duplicating my unique database and
opening up security vulnerabilities .
Is there an architecture that can be established to allow external
sites to build off my system and to allow users to authenticate
against my database without the possiblity of storing the data?
Any ideas would be greatly appreciated!
Comment