3

I have a site (A) for main project with user system (which is supposed to display all student competitions and academic events in my country for registred users. The site is also enabling users to sign them to these events and some other things. The A account includes just basic information as name, school, email, field of interest, ...)

Also I'm building a site (B) as "subproject" (for finding part-time jobs and collaboration with bigger organizations in subject field. Also, there are going to be more of similiar future subprojects, so (B) represent a set of child sites). The B sites requires the same data as in A and a few more to be filled in. All subproject will be maintained by the same group of people as the one from main project.

I thought that it would be nice to enable users to login to B sites with account from A but also make it possible to register to B with individual account because users don't have to generally come only from the main A site and may be only interested only in B.

Both servers are running PHP and MySQL service. The B sites will not be hosted on the same server as A so they will have to communicate through Internet, obviously.

I planned following scenario, so far:

  1. User logs in to B with credentials from A
  2. B hashes password and send it with user name through secured channel to A
  3. A compares user and hashed password with its database and either send message with error back or
  4. B logs user in

But my main problem is the part with secure communication, I've looked up some of the basics like that the servers would need a certificate to recognize each other but I haven't found any concrete piece of code to start with.

Also there is a problem with storing the user data, because B needs to be able to show certain field on public website, it would be nonsence to look for them on remote DB, I think. But that leads to storing A user profile fields on B server, so it would be useless to do the whole thing anyway.

I would appreciate any advice!

Tomáš Faikl
  • 31
  • 2
  • 1
    Is it requires that A and B be on separate servers? If not, it would be more secure and a lot easier to manage. They could be different sites, but if on the same server, then adding a column for org ID would allow you to keep the data separate, while also allowing you to do cross-org queries. You could also maintain user accounts for each org, while still allowing access when needed for related information on other orgs. – Sloan Thrasher Apr 17 '17 at 01:58
  • Another method would be to use remote access to the other DB. – Sloan Thrasher Apr 17 '17 at 01:58
  • It looks like the most convinient way, but I don't want *B* to be a subdomain of *A* (like b-site.a-site.com). But is it possible to do it in a way that would not require subdomains and still both sites would be hosted on the same server? – Tomáš Faikl Apr 29 '17 at 08:27
  • Each could have it's own domain. How to do it depends on your host, but if they have cPanel, it should be easy. With shared hosting, accessing multiple DB's is pretty easy. – Sloan Thrasher Apr 29 '17 at 10:08

1 Answers1

0

Well if you have admin access your servers, then you can set up a site to site vpn for securing the communication between the servers.

You can also install SSL certificates on your servers and send data over the SSL secured channels

Another option is to encrypt the messages being sent between the servers using Php.

Nadir Latif
  • 3,690
  • 1
  • 15
  • 24