comp.info.servers.unix: Web servers for UNIX platforms.
#1
Fellow designers...

I would appreciate some input regarding your opinions of a design scheme to accomplish something similar to the following:

Let's assume one has a single production server running Linux and Apache 2.x.x with mod_ssl and using PHP for the primary development language. On that box it has configured multiple virtual sites named site A, B, C, D, etc. and one of them, site Z, is configured as a secured site (SSL).

Each virtual site runs a different web application suite, each with a different identity, look and feel and NOT secured. However, as with most sites there always is a section that requires security for purposes such as gathering/updating personal information, perhaps charging a fee, accepting donations, etc.

As in the current scheme of things there is only ONE SSL site allowed per machine (i.e.: per physical IP address), I am thinking that when secured services are needed my design could transparently switch virtual sites over to the "Z" site to handle those pages and when complete (or when cancelled) returns control back to the originating site (A, B, C, etc). In fact, the programs/scripts called from the Z site would be of the same naming scheme as the calling site so they would KNOW how to look and feel and when necessary where to return control.

--------------------------------------------------

So, does this design concept make any sense to anyone who's "been there, done that" before? Is there a better way to solve this "mousetrap"? Any holes in my concept?

As I have no one available with the correct skills to bounce this off of, any and ALL suggestions, ideas, etc. will be GREATLY appreciated.

Thanks and I'm looking forward to your kind responses.

Bob
#2
bobmct <r.mariotti@fdcx.net> writes:
> So, does this design concept make any sense to anyone who's "been
> there, done that" before? Is there a better way to solve this
> "mousetrap"? Any holes in my concept?

This is usually called SSO (Single Sign On) or SUL (Single User Login). There are various ways to do it depending on the application.
#7
bobmct <r.mariotti@fdcx.net> wrote in news:fva162lokmmoo5rvovg9942o7b2s2svvfk@4ax.com:
> As in the current scheme of things there is only ONE SSL site
> allowed per machine (i.e.: per physical IP address),

One thing we have done here is to use a different port. On the same server and within the same instance of apache, it is possible to have https://vhosta:443/ and https://vhostb:444/ as separate web sites. To avoid (maybe) confusion, at the cost of combinatorial explosion, we also accept https://vhostb:443/ and https://vhosta:444/ and redirect them.

The problem is not that you can have only one SSL site, but that by the time you have decrypted the initial SSL dialog, it is too late to change to a different virtual server.

As it happens, we are now hoping to abandon this scheme, and are moving towards virtual servers (at the OS level) using vserver, each running its own copy of apache, using IP aliases to separate them. This will not scale as far as you can with mass virtual hosting at the apache level though.

Chris Ritson.
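
The port-per-site layout described in post #7, sketched as an Apache configuration. This is an added example, not the poster's own configuration; the document roots and certificate paths are placeholders, and it assumes mod_ssl and mod_rewrite are loaded and that the server has no SNI support, as in the thread.

```apache
# Added example. Paths and certificate files are placeholders.
Listen 443
Listen 444 https

# Port 443 belongs to vhosta. The certificate is chosen per IP:port
# during the handshake, before the Host header can be read, so every
# connection to :443 is answered with vhosta's certificate.
<VirtualHost *:443>
    ServerName vhosta
    ServerAlias vhostb
    DocumentRoot /srv/www/vhosta

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/vhosta.crt
    SSLCertificateKeyFile /etc/ssl/example/vhosta.key

    # https://vhostb:443/ lands here: send it to vhostb's own port.
    # The client has already been shown vhosta's certificate, so it
    # sees a name mismatch first unless that certificate also covers
    # vhostb.
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^vhostb(:443)?$ [NC]
    RewriteRule ^/?(.*)$ https://vhostb:444/$1 [R=301,L]
</VirtualHost>

# Port 444 belongs to vhostb and presents vhostb's certificate.
<VirtualHost *:444>
    ServerName vhostb
    ServerAlias vhosta
    DocumentRoot /srv/www/vhostb

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/vhostb.crt
    SSLCertificateKeyFile /etc/ssl/example/vhostb.key

    # https://vhosta:444/ lands here: send it back to port 443.
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^vhosta(:444)?$ [NC]
    RewriteRule ^/?(.*)$ https://vhosta/$1 [R=301,L]
</VirtualHost>
```

Each additional SSL site needs its own port plus a redirect rule in every other SSL vhost, which is the combinatorial growth the post mentions.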