[1804] in WWW Security List Archive
Re: Is password good enough?
daemon@ATHENA.MIT.EDU (bmanning@isi.edu)
Wed Apr 10 15:57:55 1996
From: bmanning@isi.edu
To: markd@ed.atl.sita.int
Date: Wed, 10 Apr 1996 09:17:14 -0700 (PDT)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <Chameleon.960410102542.markd@medusa.ed.atl.sita.int> from "markd@ed.atl.sita.int" at Apr 10, 96 10:14:03 am
Errors-To: owner-www-security@ns2.rutgers.edu
>
> Mariam Jazayeri asks:
>
> >I would like to know if this group feels password is sufficient for
> >protecting sensitive information on Web inside the firewalls.
> >I know most document servers provide password protection, but I'm not sure if
> >that's good enough to protect sensitive information on the Web?
>
> You might consider additionally requiring connections to be from a specific IP address. This will give you an additional layer of verification before admitting a user.
>
> Mark Davis
> -------------------------------------
This approach is flawed, as the general direction of networking is to
remove static IP address assignment in favor of dynamic IP allocation.
--bill
