[1449] in WWW Security List Archive
Re: Password Protection
daemon@ATHENA.MIT.EDU (Sean Wilkins)
Thu Feb 8 18:27:22 1996
Date: Thu, 08 Feb 1996 15:17:28 -0500
To: Adam Shostack <adam@lighthouse.homeport.org>
From: srw134@psu.edu (Sean Wilkins)
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>| >The problem that you'll encounter is that passowords are regularly and
>| >easily sniffed. If theres anything really confidential, you need
>| >something better than a resuable password. Unfortunately, that won't
>| >not be as easy to use. If you're interested in alternatives, let me
>| >know. Someone else pointed you to the HTML authentication docs. You
>| >can also use a CGI script to ask for a password before serving up a
>| >page.
>
>| If Mike isn't interested i am interested in the script way of doing this. I
>| am just getting in to this, but i do have programming experence. Any
>| response would be appreciated. Thanks
>
>Basically, what you need to do is pick a scheme (S/key would work
>well), and write a perl script to check the tokens it sends before
>serving up the page. The important thing is picking a decent scheme
>for the authorization tokens.
>
>Adam
>
>
>--
>"It is seldom that liberty of any kind is lost all at once."
> -Hume
>
>
Well my first problem is that it is on a Apple server so it has to be in
applescript or a script language or something like c. I can do the checking
of the fields coming in but what makes netscape or a browser jump the dialog
box up for the password and is it as easy as checking the authentication
field? and with a SSL server document, When it is encrypted are all the
pages encrypted over line and just decrypted when the server recieves it?
Sean Robert Wilkins
Student , Staff , And The MAN
(SRW134@PSU.EDU)
---LTR---
