Re: Security stumper [mildly OT]

This WebDNA talk-list message is from

2004

It keeps the original formatting. numero = 57198
interpreted = N
texte = Phil Herring wrote:> - can't use passwords, way too many users> > - not all the users are on the same network, so screening by IP won't work> > - I considered screening by referrer (they can click a link on their> intranet to get to the site) but that would block people using bookmarks> If the universe of users is well controlled (i.e. all employees of the bank), you could use self-signed certificates (both server and client). We are doing something like this right now, using Novell to generate the certs, but you can do it with OpenSSL as well. You didn't talk about what server O/S you are using, but Apache will handle all of the security for you with mod_ssl.Basically, you create a self-signed server certificate and then issue client certs to each user (you have to install the self-signed trusted root in the browser too). Within the Apache configuration, you can require a client cert and even check the cert parameters to make sure that they match some criteria. I'm actually doing that bit in Perl, so I can actually show custom content based on their Distinguished Name.You can check out this site:http://www.openca.org/openca/though that may be overkill for your purposes...John-- John PeacockDirector of Information Research and TechnologyRowman & Littlefield Publishing Group4501 Forbes BoulevardSuite HLanham, MD 20706301-459-3366 x.5010fax 301-429-5748-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

Re: Security stumper [mildly OT] ( Tim Robinson 2004)
Re: Security stumper [mildly OT] ( John Peacock 2004)
Re: Security stumper [mildly OT] ( Matthew A Perosi 2004)
Security stumper [mildly OT] ( Phil Herring 2004)

Phil Herring wrote:> - can't use passwords, way too many users> > - not all the users are on the same network, so screening by IP won't work> > - I considered screening by referrer (they can click a link on their> intranet to get to the site) but that would block people using bookmarks> If the universe of users is well controlled (i.e. all employees of the bank), you could use self-signed certificates (both server and client). We are doing something like this right now, using Novell to generate the certs, but you can do it with OpenSSL as well. You didn't talk about what server O/S you are using, but Apache will handle all of the security for you with mod_ssl.Basically, you create a self-signed server certificate and then issue client certs to each user (you have to install the self-signed trusted root in the browser too). Within the Apache configuration, you can require a client cert and even check the cert parameters to make sure that they match some criteria. I'm actually doing that bit in Perl, so I can actually show custom content based on their Distinguished Name.You can check out this site:http://www.openca.org/openca/though that may be overkill for your purposes...John-- John PeacockDirector of Information Research and TechnologyRowman & Littlefield Publishing Group4501 Forbes BoulevardSuite HLanham, MD 20706301-459-3366 x.5010fax 301-429-5748-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ John Peacock

DOWNLOAD WEBDNA NOW!

Re: Security stumper [mildly OT]

2004

Top Articles:

Related Readings: