Amfphp Plugin FPCAuthentication

FPCAuthentication is an AMFPHP plugin that manages authentication of user with a login

and a password. The plugin offers two ways to authenticate, a basic and a elaborate one.

The basic method is a simple call to the server with the user login and its secret value

(generally a digest of a password) and the server grants or rejects the access according

to these two values. This method is simple but not 100% secured if not used over a secured

connection (a https connection) since message can be intercepted and even if a digest of

the password is sent, this digest is the password for the server.

The elaborate method is an exchange of 4 messages between the server and the client.

The secret of the user is never sent explicitly nor a direct digest of it. This method

allows the authentication of the user on the server but also the authentication of the

server on the client side. Also, it provides a random password only known by the client

and the server and only valid as long as the user does not logout. This temporary password

can be used to send sensible data to the server without compromising the user password.

Rejoignez nous