At 01:20 AM 10/20/97 PDT, Domenico Viggiani wrote:
I've got a plane to catch, so I'll be exceedingly brief.
>I'm sorry if the question is not for this mailing-list...
>What is 'the best way' to authenticate an user on a Web Server in order
>to allow using of *distributed* resources like databases, reports, etc.?
>Transmission of passwords in clear-text over the network is not allowed.
Encrypt the session from the remote user to the firewall. Most of the
better firewalls provide this capability. This is better anyway, since
any sessions which rely on authentication-only for security are vulnerable
to session hijacking.
The opinions of the author of this mail may not necessarily be
representative of the opinions of Fortifed Networks, Inc.
Fortified Networks, Inc. - http://www.fortified.com/
Expert (vendor-neutral) Computer and Network Security Consulting
Phone: (317) 573-0800 Fax: (317) 573-0817