I have a site in domain A, in which there is a page with the html form, in which the user can enter a string that is sent to domain B.
The form currently contains a hidden input field with a name / value that domain B uses to “authenticate” / identify domain A.
Now I am, first of all, a C # encoder with minimal network experience, and even I know that this is not a safe way to do this.
What is the best way for a form in domain A to securely submit to domain B?
Some of the ways I've looked at are:
Domain B defines domain A by domain name or IP. I suppose this would be better than a hidden input field, but the domain name and IP can be tampered with, right?
Have domain A authentication credentials (for example, user / password) in domain B through any other method than the hidden field. Not sure how to do this.
Edit
Another possibility: create a private / public key. Ask domain A to transfer the private key to domain B, which verifies the use of the public key, possibly via HTTPS. Not sure how Domain A will pass the private key without exposing it to HTML. Ideas?
source
share