[1816] in WWW Security List Archive
Re: Is password good enough?
daemon@ATHENA.MIT.EDU (Renegade)
Fri Apr 12 01:52:17 1996
Date: Thu, 11 Apr 1996 23:04:35 -0400
To: bmanning@isi.edu
From: Renegade <renegade@dnaco.net>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
At 09:17 AM 4/10/96 -0700, you wrote:
>>
>> Mariam Jazayeri asks:
>>
>> >I would like to know if this group feels password is sufficient for
>> >protecting sensitive information on Web inside the firewalls.
>> >I know most document servers provide password protection, but I'm not
sure if
>> >that's good enough to protect sensitive information on the Web?
>>
>> You might consider additionally requiring connections to be from a
specific IP address. This will give you an additional layer of verification
before admitting a user.
>>
>> Mark Davis
>> -------------------------------------
>
> This approach is flawed, as the general direction of networking is to
> remove static IP address assignment in favor of dynamic IP allocation.
>
>--bill
>
It is not all bad! Many servers (PPP, SLIP, etc) now do dynamic
IP allocation, but I would assume that it is almost always in the same
subnet. So you could require your connections to come from
a subnet.
Dave
--
// renegade@dnaco.net
// America Online sent me a great coaster for my
// computer desk, it looks just like a CD-ROM!
