>
> Hello,
>
> On Aug 21, Jon Spencer wrote
> > session - when you cross the system boundary and connect to a
> > system, you create a "session,"
>
> The problem with this is, that the session is only enforced within the B2
> Systems. If you plug a B2 Firewall to a Unix/NT Intranet and allow Access from
> authenticated Users to some internal Hosts there is no way the firewall can
> enforce the protection which data is visible and which not. In fact the
> Firewall is unable to know. (The Firewall can't look inside a telnet
> connection to a 'non-B' Unix Host and control which files are allowed to
> touch and which not). This means all of your applications have to run on B2
> Systems to gain from that Session controlling.
Not true. Since B2 networking is included in the system, intranet traffic
can be controlled as well. Connections through the firewall to various
internal hosts can be limited by host at worst (other strategies exist to
do better than this).
In addition, for http-type connections, inbound filters can do whatever
level of restriction you would like at the object name level. On both
inbound and outbound traffic of whatever type, keyword filters can be
used as well.
>
> Greetings
> Bernd
>
> BTW: how does B2 Systems communicate and send the information about the
> Trust you (don't) put into a session? Is there a kind of Kerberos Token
> Parsing or Global User Token System?
I don't quite understand the question. With what or whom is the B2 system
communicating to send the information about the trust ... ?
--
Jon F. Spencer spencerj @ rtp . dg . com
Data General Corp. Phone : (919)248-6246
62 Alexander Drive, MS #119 FAX : (919)248-6108
Research Triangle Park, NC 27709 Office RTP 121/9
There is no such thing as a small interference with property.
Andrew J. Galambos
No success can compensate for failure in the home.
President David O. McKay
***** UCC 1-207 ********