Firewalls: Re: 'The best way' to authenticate on a Web Server

Firewalls
(October 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: 'The best way' to authenticate on a Web Server
From:	Frank Willoughby <frankw @ in . net>
Date:	Mon, 20 Oct 1997 15:32:15 -0500
To:	"Domenico Viggiani" <viggiani @ hotmail . com>
Cc:	firewalls @ greatcircle . com
In-reply-to:	<19971020082057 . 7277 . qmail @ hotmail . com>

At 01:20 AM 10/20/97 PDT, Domenico Viggiani wrote:

I've got a plane to catch, so I'll be exceedingly brief.

>I'm sorry if the question is not for this mailing-list...
>
>What is 'the best way' to authenticate an user on a Web Server in order 
>to allow using of *distributed* resources like databases, reports, etc.?
>
>Transmission of passwords in clear-text over the network is not allowed.

Encrypt the session from the remote user to the firewall.  Most of the 
better firewalls provide this capability.  This is better anyway, since
any sessions which rely on authentication-only for security are vulnerable 
to session hijacking.

Best Regards,

Frank
The opinions of the author of this mail may not necessarily be 
representative of the opinions of Fortifed Networks, Inc.

Fortified Networks, Inc. - http://www.fortified.com/
Expert (vendor-neutral) Computer and Network Security Consulting
Phone: (317) 573-0800     Fax: (317) 573-0817

References:

'The best way' to authenticate on a Web Server
From: "Domenico Viggiani" <viggiani @ hotmail . com>

Indexed By Date	Previous:	Re: sex, lies, and firewall code From: Frank Darden <fdarden @ locked . com>
Indexed By Date	Next:	RE: sex, lies, and firewall code From: "Craig S. Wright" <craig . wright @ asx . com . au>
Indexed By Thread	Previous:	'The best way' to authenticate on a Web Server From: "Domenico Viggiani" <viggiani @ hotmail . com>
Indexed By Thread	Next:	Re: 'The best way' to authenticate on a Web Server From: Nick Simicich <njs @ scifi . squawk . com>