Saturday, February 12, 2011

Secure Login Page

I get a free Authenticated SSL certificate with my fancy new WestHost Cloud Server.

I only get to use the account on one domain. After a great deal of thinking, I used the certificate for the empty domain iRivers.com.

The two pieces of information I want to keep secure are email addresses and passwords.

So, I created a registration form.

I am now working on a secure Login Form. The secure login form.

The secure login is interesting. First, the page checks to see that the user accessed it through a secure port. The user then selects a destination web site and enters their user name and password. If the user name and password match the account on the server the system will create a secure single use token.

The login program redirects the user to the destination site with the token. The destination site queries iRivers.com with the token. If the token is valid, the destination site responds back with a packet containing user and session information.

This design allows me to use the same user base for any web site I create in the future.

The next step is to integrate this design with Oauth and Open ID ... but I will leave those challenges for another day.

Monday, February 07, 2011

Framing Mobile Sites

While waiting for the DNS to propagate on the Community Color Sites, I decided to write a fun page calling for web masters to unite and create mobile versions of their web sites.

A big advantage of mobile sites is that people can display them in small windows on their desk top, or even embed them in iframes, as I do below.

Using a simple iFrame set at a size of a mobile phone screen, I can test too see what it looks like. This page is set at 320px. Because I want the pages to stay in the frame, I avoid using the target tag.

Sunday, February 06, 2011

Moving Community Color

I am moving the Community Color sites to a Westhost Cloud Server. Being on a cloud server means that I will have resources to add new funcationality (and I do have functionality planned.

To avoid the possibility of lost data, I turned the registration and add event programs off. They will be back on when the domains point to the new server.