Off Server Protection

Discussion in 'Pre-Sales Questions' started by djcasual, Sep 30, 2003.

  1. djcasual

    djcasual Guest

    We work with a third party company that provides and hosts a good portion of content for us. This company allows us to add html and javascript to the header and footers for branding purposes. They will not allow use to use php, perl, .htaccess or any other server side programming on their servers. These files are updated dynamicly so we do not want to manage or download the files to our servers.

    Can aMember provide off-server protection and require registration to access this off site content?
    My guess is some type of javascript/cookie protection method is needed?
    Or can a javascript/cookie protection method be created (we would be willing to pay extra for such a plug-in)?



    (I originally posted this in the wront topic, sorry for the double post)
  2. djcasual

    djcasual Guest


    haven't heard from anyone, are there no sale people here?
  3. ryan

    ryan Guest

    Hi. Your question is very confusing. What do you mean by "off-site"? Do you mean on another server but on the Internet? You want to run amember on Server 1, have people register on Server 1, and be automatically logged in when they go to Server 2? Please explain in more detail.

    There is no way around using PHP and mysql. There are thousands of shared web hosting providers who'll provide you service for as low as $2 to $5 per month. If you are a commercial business, it's probably worth the switch.
  4. djcasual

    djcasual Guest


    Thanks for your reply, I'll try and explain this a little better.

    Server 1 = Our dedicated server that hosts our main site, we can run any type of programming including php and mysql. This is where we will install aMember.

    Server 2 = Co-branded vendor server. They supply us headlines that we use on Server 1, headlines are linked back to Server 2 content. We can edit header and footer properties for this content for branding purposes on Server 2. Server 2 is not capable of php, perl or any other type of server side programming.

    So as you can see, I can install aMember and add php or mod-rewrite protection on Server 1 easily. However, on Server 2 all I can do is edit header and footer properties for these pages. On server 2, I can add CSS, javascript, java and cookie support. This is why I asked if a plug-in could be written for Javascript/Cookie protection.

    I know that Javascript/Cookie protection wouldn't be 100% protected because it relies on the client side programming to be executed correctly, but this is something we are willing to live with.

    An example of javascript/cookie protection can be seen on this site:
    I believe the protection has a treshold, so you will need to click on a few headline links to see the protection in action.

    They seem to be using technology called InSite by Nando Media:
    I believe they host the database and software. I've called these folks for pricing, but they are totally out of our price range.


  5. djcasual

    djcasual Guest

    The more I research the idea of javascript/cookie protection, the more I believe this can be done.

    1. Use javascript to access and set write/read/expire cookie values.
    2. Redirect the visitor to a login page based on the value of a stored cookie.
    3a. If no cookie is found then create one and redirect to login/registration.
    3b. Once the user logs-in then the correct value to view pages in the cookie is set and the user is redirect back to the page he is trying to visit.
    4. If cookie has correct value then the page loads as normal and no redirect is required.
    5. Expire cookie based on users registration settings. (keep alive always or login always).

    Of course, this would only work on javascript capable pages and would not be secure at all. Visitors could also disable javascript or cookies and make the plug-in useless. Again, this wouldn't be a problem for us since the content we want to protect with javascript/cookie protection isn't extremely valuable.

    Hope you guys will seriously look into this, I'm willing to help anyway I can and pay for this type of protection plugin.

  6. Ardy

    Ardy Guest

    Why don't you *include* the server 2 content in your server 1 members area instead? I've done this on so many projects I've lost count, using a couple of useful scripts (hope Alex doesn't mind me posting this URL, they don't have anything comparable to aMember so I'm trusting that it doesn't count as a competitive ad):

    The Includer:
    (to include files from elsewhere on your server without using SSI)

    The Executer:
    (to include files or script results from any server anywhere on any page)

    I've found both to be really useful for building member content areas as you can successfully hide the actual source of the content (URL) to avoid circumvention, and share the same information between your different sites and servers without duplication.

    Hope it helps!
  7. djcasual

    djcasual Guest


    I've been down this road before, I'll experiment with the include script you have provided. I'll have to work out details, my problem is that I get hundreds of headlines updated every 20 minutes so I would have to write more code to parse and update those links to use the include script.

    While I do like the idea and this solution could work, how much resources are we talking about by using the LWP perl module. We average about 100,000 page views a month for Server 2 and cgi seems to be extremly I/O intense.

  8. alex-adm

    alex-adm Guest

    djcasual, seems it is very late response, but I would use PHP built-in cURL functions - it would be more resource-saving.
  9. djcasual

    djcasual Guest


    What is PHP cURL and how does it work?

  10. alex-adm

    alex-adm Guest

  11. surepurchase

    surepurchase Guest

    Where do I set the cURL path?

    I'm getting an error "cURL path is not set"
  12. alex-adm

    alex-adm Guest

    Try to set it to /usr/bin/curl and you would better contact with this question.

Share This Page