[1490] in WWW Security List Archive


Re: Web server update problem

daemon@ATHENA.MIT.EDU (Brian W. Spolarich)
Sat Feb 17 13:41:38 1996

Date: Sat, 17 Feb 1996 10:28:41 -0500 (EST)
From: "Brian W. Spolarich" <briansp@ans.net>
To: Frode Hoem <x-frode@nada.kth.se>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <199602161630.RAA05492@alv.nada.kth.se>
Errors-To: owner-www-security@ns2.rutgers.edu

On Fri, 16 Feb 1996, Frode Hoem wrote:

> Security of the web-server is important, therefore some kind of
>  authorization mechanism is needed. Probably that would be
>  Kerberos or a smart-card solution, any thoughts on this?

  Bringing up a Kerberos server doesn't involve too much overhead.
Ideally it's a dedicated piece of hardware (BSDI on a Pentium is
reasonably inexpensive) that only does Kerberos.

  You can then use a srvtab, getsrvtgt, and Kerberized rcp to handle the 
file copying with a reasonable amount of authentication and security.

  A good practice with Kerberos if you're using srvtabs is to use an 
instance instead of just a principal (i.e. www.filecopy instead of just 
www) so that if the srvtab is compromised, the only access gained is to 
this specific operation.

  -brian
--
Brian W. Spolarich - ANS CO+RE Systems - briansp@ans.net - (313)677-7311
  Want strong encryption?  Use ROT26.  It's _twice_ as strong as ROT13.
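
Added example, not part of the original message: a small Python model of why a srvtab for www.filecopy exposes less than one for www, and why the authorizing side must compare the instance as well as the name. The realm EXAMPLE.ORG, the ACL table, and the operation names other than filecopy are hypothetical.

```python
from typing import NamedTuple

LOCAL_REALM = "EXAMPLE.ORG"  # hypothetical realm used for this example


class Principal(NamedTuple):
    name: str
    instance: str  # empty string means the null instance
    realm: str


def parse_principal(text: str, default_realm: str = LOCAL_REALM) -> Principal:
    """Parse the Kerberos 4 form name[.instance][@realm]."""
    body, _, realm = text.strip().partition("@")
    name, _, instance = body.partition(".")
    if not name:
        raise ValueError(f"no principal name in {text!r}")
    return Principal(name, instance, realm or default_realm)


# Constructed ACL: operation -> principals allowed to perform it.
ACL = {
    "filecopy": {"www.filecopy"},
    "edit-config": {"www"},
    "restart-server": {"www"},
}


def allowed(principal: Principal, operation: str, match_instance: bool = True) -> bool:
    """Exact-match authorization; match_instance=False models a sloppy check."""
    for entry in ACL.get(operation, ()):
        e = parse_principal(entry)
        if (e.name, e.realm) != (principal.name, principal.realm):
            continue
        if not match_instance or e.instance == principal.instance:
            return True
    return False


def exposure(srvtab_principal: str, match_instance: bool = True) -> list:
    """Operations reachable by whoever holds this principal's srvtab key."""
    p = parse_principal(srvtab_principal)
    return sorted(op for op in ACL if allowed(p, op, match_instance))


if __name__ == "__main__":
    print("www.filecopy srvtab:", exposure("www.filecopy"))
    print("www srvtab:", exposure("www"))
    print("name-only check:", exposure("www.filecopy", match_instance=False))
```

The last line shows the failure mode: if the service compares only the name part, the instance provides no containment.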


