forms and secure authentication
David Stodolsky
david.stodolsky at socialinformatics.org
Sat Nov 23 06:38:03 PST 2002
On Friday, November 22, 2002, at 01:25 AM, Eric Soroos wrote:
> You may want to check out digest authentication. It's what the control
> panel uses. It's a basic authentication with challenge-response, iirc.
> Your other good option is ssl for the transport. Note also that
> cookies have a lot of the same issues as transmitting passwords, as
> they can also be authentication tokens.
This is a very helpful overview. What is needed, however, are some
HowTos showing the best way to achieve the security Manila/Frontier is
capable of. They should cover protection of both content and
identities, and indicate what types of attacks are stopped. Most
security breaches are due to human factors, so the fact that
Manila/Frontier can't offer "bullet proof" security is really not a
major problem.

However, anyone who has reached the point of knowing that security by
obscurity is inadequate will not deploy a system without a clear
security analysis or framework. The folks that run the Lotus Notes
portal recommend Manila/Frontier except in cases where "bullet proof"
security is needed. The failure to lay out the security capabilities in
Manila/Frontier is a factor inhibiting movement into this very large
market. Telling people to read up on standard approaches to security is
not a solution. While the state of Manila/Frontier documentation is a
general impediment to adoption, in the security area it is a show
stopper.
dss
David S. Stodolsky, PhD PGP: 0x35490763 david.stodolsky at ddf.dk