[2553] in WWW Security List Archive
Web servers and commercial applications
daemon@ATHENA.MIT.EDU (Monish Raj)
Thu Aug 1 17:20:06 1996
To: www-security@ns2.rutgers.edu
Cc: monish@jelly.devo.ilx.com
Date: Thu, 01 Aug 1996 14:39:47 -0400
From: Monish Raj <monish@ilx.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Hi,
I'm interested in finding out if anyone is developing commercial
applications for the web, what kind of issues you are facing,
and which of these issues you have dealt with.
My situation is the following:
I am developing a service which would be run as a cgi
script on a web server. There can be multiple services
running on multiple such servers. These services would
require user entitlements which would be based on a monthly
fee.
The HTTP spec does not provide for login to a group of
servers, but I have been able to (with the help of a
gentleman on the net) use cookies to do so if all the
servers reside in the same domain.
Here's the problem:
If a user "logs in" to our group of servers from one machine,
we don't want him/her to log in from another machine.
Is anybody working towards a solution for such a problem? I
have actually found paid services operating now (where the
fee is charged per month, not per request) which allow the
same username to access their services from multiple
workstations, and we don't want to allow that.
If anybody is working on something like this, I would like to
hear from you. Any help would be appreciated.
Thanks,
-monish
