[269] in WWW Security List Archive
Re: Secure W3 Server
daemon@ATHENA.MIT.EDU (Mary Ellen Zurko)
Wed Dec 14 11:51:42 1994
From: zurko@osf.org (Mary Ellen Zurko)
To: www-security@ns1.rutgers.edu
Date: Wed, 14 Dec 94 9:30:01 EST
Cc: zurko@osf.org (Me)
In-Reply-To: <Pine.3.05.9412131844.A21352-b100000@toadflax.cs.ucdavis.edu>; from "Mr. Le" at Dec 13, 94 6:41 pm
Reply-To: www-security@ns1.rutgers.edu
> Imagine you have the digital version of Madonna's next CD on-line,
> and find out that it was stolen by hundreds of Web hackers.
>
[...]
>
> The only good solution to this problem is strong authentication,
Well that's necessary, but not sufficient. You need an authorization
engine that uses that authentication, and makes decisions based on
your site security policy. Which means you want a reasonably
user-friendly way to encode your site security policy correctly. That
is assuming you've got it on the web because you want _some_ people to
get it.
Mez
