
Re: WWW servers.



Black Unicorn:
>> Does there currently exist a system which permits webservers to restrict 
>> access to clients who have a given certification?

Sameer:
>       Yup.
....
>       =) Stronghold: The Apache-SSL-US, coupled with XCert
>Sentry. What else?

Bill Stewart:
>Of course, there's a simpler approach; restrict access to people
>who have logins and passwords, and only give those to people
>who have the certification...

But of course, cleartext passwords have their own problems.  You really
need to make use of the fact that there is a computer at both ends so you
are protected from replay attacks.  With that caveat, passwords work fine
(except for the difficulty of remembering a bunch of them vs. the
insecurity of using the same one multiple places or writing them down).


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
[email protected] | dead teenagers | Los Gatos, CA 95032, USA
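
Added example, not part of the original message: a minimal sketch of the point about having a computer at both ends. A recorded cleartext password keeps working for anyone who captured it, while a response computed over a fresh server nonce does not verify a second time. The message names no particular scheme; HMAC-SHA256 over a random nonce, the `Server` class, and the user and password values are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def derive_key(password: str, salt: bytes) -> bytes:
    # Both ends can compute this; only the derived key is ever used as the MAC key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Server:  # hypothetical server, constructed for this example
    def __init__(self):
        self.keys = {}     # user -> (salt, derived key)
        self.pending = {}  # user -> outstanding nonce, valid for one attempt

    def enroll(self, user, password):
        salt = secrets.token_bytes(16)
        self.keys[user] = (salt, derive_key(password, salt))

    def cleartext_login(self, user, password):
        # The password itself crosses the wire on every login.
        salt, key = self.keys[user]
        return hmac.compare_digest(derive_key(password, salt), key)

    def challenge(self, user):
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return self.keys[user][0], nonce

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)  # consume the nonce: one use only
        if nonce is None:
            return False
        expected = hmac.new(self.keys[user][1], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password, salt, nonce):
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()

def demo():
    srv = Server()
    srv.enroll("alice", "correct horse")        # constructed sample credentials
    recorded_password = "correct horse"         # what an observer of a cleartext login sees
    replay_cleartext = srv.cleartext_login("alice", recorded_password)
    salt, nonce = srv.challenge("alice")
    recorded_response = client_response("correct horse", salt, nonce)
    first_use = srv.verify("alice", recorded_response)
    srv.challenge("alice")                      # next login gets a different nonce
    replay_response = srv.verify("alice", recorded_response)
    return replay_cleartext, first_use, replay_response

if __name__ == "__main__":
    print(demo())
```

In this sketch the server stores a key that is itself sufficient to answer challenges, so the credential store still has to be protected; the exchange only removes the replayable secret from the wire.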