Yes it's doable. You need to require Netscape or MS Internet Explorer
(or other SSL-enabled browser) everywhere, but that's probably OK for an
internal network.
You need a CGI login process which accepts the securid code as input,
authenticates it, and sets the Mozilla 'cookie' to allow access to the
rest of the site. If the authentication fails, no cookie. :)
Netscape or OpenMarket could clearly help build this system. If this is
truly valuable information you need to protect, you would need one of
their secure servers.
-Josh
Bill Heiser wrote:
>
> I was asked if it's possible to use SecurID to control access
> to a web server ... i.e. to provide very limited access to
> the information presented on a server.
>
> In a way I think this doesn't make sense because by its vary nature
> a web server isn't secure anyway. It'd be like putting a deadbolt on
> the front door but leaving the windows unlocked.
>
> On the other hand, if the server is behind a firewall which provides
> very limited access, .... maybe it would be useful..
>
> What do you think? And what do you think about the actual implementation?
> Is it doable?
>
> Thanks in advance,
> Bill
>
> --
> Bill Heiser heiser @
world .
std .
com
--
_____________________________________________________________________
Josh Hartmann josh @
the-tech .
mit .
edu
The New York Times josh @
nytimes .
com
Electronic Media Company
1120 Ave. of the Americas 212 597 8057
New York, NY 10036 fax 212 597 8081
_____________________________________________________________________
References:
|
|
