two databases/ one and two locations

BEFOR

POST CLARIFIED 9.10.05 10:28

I have two related sites, each with mysql databases. Each with seperate logins.

My Objective(s):

Mainly to maintain two related yet independent sites, from a security standpoint. Many users will be logging into one site while many will be logging into one or the other site(s). Each site of course checks for unique password values only on its own table.

What I do to prevent the 'crossing of logins' where one set of passwords issued from site "B" happens to match site "A" login -- perhaps some dozed off user is by chance logging into the undesired 'other site'.

Practical reason: If you belong as a member to master site "A", you'll receive 30% everything you purchase on site "B" .

Usernames/passwords do need to be kept separate -- for the idea of checking one site's username/password values against the others' on creation (or updating by users) -- I beleive it would be far too awkward to keep updated in real time. /// importing username/password list or even synchronising databases.

Any suggestions besides doing manual updates by the admin? ('24 to 48 hrs to process') With both sites being hosted remotely, could I not log into adminster both sites at once and make the necessary adjustments? Could I frame one site within an admin panel? (speaking here not of usernames/passwords but of simply transferring needed values - - plan type, that enables discount, etc)

Still -- about transferring values between sites -- triggering emails & confirmations with special links that pass URL variables sounds highly questionable. (ex: sign up for "A" -- trigger an email for them to confirm on site "B" -- which would update table values)

Usernames on both sites are not using email addresses, thankfully. Another factor is that some users are registered on site "B" while not many are registered on "A" yet.

Currently -- passwords are being auto-generated on site "B" and users cannot change their passwords, inconvenient as it is.

While passwords on site "A" are auto-generated but users do have the option to change their passwords. This is the more heavily used site of the two by far.

So, is it best to keep it this way to prevent common user/password combinations from logging into other user accounts in error?

I could see where common username/password combinations could potentially be a problem for any sites on the internet. EX: A common username/password combination for ebay could be used to log in to a common username/password combination for amazon.com. Two different users.

It seems my best guard when operating two related sites is that one password field should stay auto-generated. Is this on the right track?

nemonoman

Based on the parameters you state, the problem is practically impossible to resolve. Not that it can't be resolved, but your parmeters make the solution highly impractical and astonishingly difficult. Time to go back to the drawing board.

BEFOR

PLease review -- I update the post not 2 minutes ago, then edited

nemonoman

If you own both databases, you can certainly test username/password trials for duplication before saving, whether the password was being created on website A or B. You would need to set up your databases to allow access from the non-local site. If registering on site A, check database B. If OK, insert user data into database A and B. If registered on site A, note 30% discount on site B.

The whole websites in frames interaction idea is very impractical based on your description, however.