[1910] in WWW Security List Archive
An accounting question...
daemon@ATHENA.MIT.EDU (Chih-Hung Feng (791018))
Thu Apr 25 08:14:17 1996
From: chfeng@iii.org.tw (Chih-Hung Feng (791018))
To: www-security@ns2.rutgers.edu (www security)
Date: Thu, 25 Apr 1996 17:19:37 +0800 (CST)
Errors-To: owner-www-security@ns2.rutgers.edu
Hi:
Could someone enlighten me on the following question?
A local company(not the one I am employed) is thinking about
providing database service on the net. The idea is put a database
on the Internet and allow users to extract the information through
WWW interface. The requirements are:
1. the users must identify themselves before viewing the
document, and
2. the users are charged with the quantity of information
(pieces of documents/Mbytes/etc) being received.
The first req. can be easily satisfied, but the second really
beats me. How can I identify those requests from a valid user who
has successfully passed earlier I&A stage? How can I make sure these
requests are from that user, while someone else can be using his
system at the same time?
If what I described is too vague to understand, please tell
me and I would like to give more details. Any ideas (even that
you think it is impossible based on current web server behavior)
would be greatly appreciated. Thank you very much for your time.
--
Chih-Hung Feng <chfeng@iii.org.tw>
