|Solution for the secure authentication||Search|
|SMS & MMS Technical Forum » NowSMS Support - SMS Issues (Product Support Only) » Archive through April 08, 2009 » Solution for the secure authentication||« Previous || Next »|
Post Number: 4
We have the following scenario:
1. User create a messages queue via our website
2. Queue is being stored in the database
3. When user sending message, website engine queries user’s password from database and generate HTTP request to NowSMS instance.
I think that storing password is very bad for security, is there any chance to solve that issue?
Good solution if NowSMS allows to submit messages without password from authorized IP addresses (like ip of the site).
|Bryce Norwood - NowSMS Support
Post Number: 7745
Des and I have been discussing this trying to figure out the best way to reply.
We agree that what you describe is not a good solution.
If I were implementing this scenario, I'd probably go about it a little differently.
Do you need to have all of the user accounts defined in NowSMS? Or since users are only submitting via your web site, which they are already authenticating with ... would it make sense for you to use only a single account on the NowSMS side (for your website engine to interface with NowSMS), and manage all of the users and accounting quotas when users submit into your web site?
Post Number: 8
Hello Bryce and Des!
Thanks for your response!
Here is my point of view :-)
How you should act if you want to integrate your web site with NowSMS? NowSMS web based menu doesn’t have enough functionality and flexibility to meet changing customer needs.
If we use NowSMS for storing user accounts, how can we query user info? Like passwords or allowed ips. Then we have to duplicate data. On the other hand, if use NowSMS only like sms gateway and submit messages over 1 account, we have to re-create all program logic by ourselves, like balances, quotas, access type and so on.
By my opinion, the best way to reach the balance is to give developers access to inner NowSMS data, like we can query user balance but we can’t query is account balance enabled, we can enable/disable access type but we can’t know what access type enabled atm or just query user statistics. That feature will give great impulse for integrating NowSMS into foreign systems.