'lo.
] I was asked if it's possible to use SecurID to control access
] to a web server ... i.e. to provide very limited access to
] the information presented on a server.
Yes it's possible.
] In a way I think this doesn't make sense because by its vary nature
] a web server isn't secure anyway. It'd be like putting a deadbolt on
] the front door but leaving the windows unlocked.
Erm, why, because it's a web server? Make a secure web server,
they do exist, if not just in my head.
] On the other hand, if the server is behind a firewall which provides
] very limited access, .... maybe it would be useful..
Then you're accepting the fact that the web server isn't sekoor,
which is probably a good thing to, but not necessary. You COULD
have a secure web server, but that's not your question....
] What do you think? And what do you think about the actual implementation?
] Is it doable?
I dunno, I do know that ncsa's httpd server has things like this:
# <Directory /usr/local/infoserv/ftp.01/./home/CUSTOMER>
# Options All
# AllowOverride None
# AuthUserFile /usr/local/etc/httpd.dir.CUSTOMER/conf/.htpasswd
# AuthGroupFile /dev/null
# AuthName By Secret Password Only!
# AuthType Basic
<Limit GET>
Which would imply to me that 'AuthType Basic' could be changed to
'AuthType SNK' or 'AuthType SKey' somehow.....
Anyone know if work's being done w/ ncsa's server or another?
-alan
Follow-Ups:
References:
|
|
