Security and stuff

Paul (Paul.Wain@brunel.ac.uk)
Thu, 25 Nov 1993 08:50:23 +0000 (GMT)


Hi,

I know this has probably all been dealt with before but a question anyway :)

I am looking at a Web (erm did we agree to use this short form :)
application that needs some inherent security built into it for passing
information access rights/usernames & passwords to the server from the
client.

The problem being that ideally this doesn't want to be left around in a
URL or indeed end up being included into a URL, since we do not want the
information that is providing access being left around.

We cannot also assume that the person accessing the information will be
on the same host all the time (for example although this is coming at
you from 134.83.128.30, I am sitting on 134.83.112.57, and could indeed
be running my Mosaic 2.0 client from anywhere of our 12 or so sub
nets).

Has there been any discussion on this and cryptographic authentication
techniques? Are there any documents on it? Or is it an up and coming
issue? Sorry for all the questions :)

Oh one last thing we can't always assume that the request is going to be
coming in from a UNIX box, or even using a pure URL/HTML style request
since ideally we are also looking at DOS Gopher access to it too :) Yeah
I know a pain, but...

Anyway any information would be appreciated.

Paul

(p.s. Sorry if I got some of my WWW terminology wrong but it's early :)
If it had been later in the day I would have been awake :)

--

********************************************************************
** Paul Wain, (X.500 Project Engineer & WWW/httpd person), Computer **
* Centre, Brunel University, UXBRIDGE, Middlesex UB8 3PH, ENGLAND *
** E-MAIL: Paul.Wain@brunel.ac.uk **
********************************************************************