[4230] in WWW Security List Archive
Web Server Database Access Control
daemon@ATHENA.MIT.EDU (Paul Friedrichs)
Sat Feb 1 00:00:28 1997
Date: Fri, 31 Jan 1997 22:12:20 -0500
From: Paul Friedrichs <paul@mnsinc.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
------------1F6516CC7D241
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
1) I am trying to control access to a database using a) the database's
own ACLs and b) database user IDs provided by a web front end that
authenticates users using only SSL/TLS client certificates. The
certificates would refer to users by their database user IDs. It seems
to me there is not yet any means for a web server to pass user ID to the
database without forcing the user to log in after connecting to the web
server. Am I missing something?
Thanks,
Paul
------------1F6516CC7D241
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset=us-ascii
<HTML><BODY>
<DT>1) I am trying to control access to a database using a) the database's
own ACLs and b) database user IDs provided by a web front end that authenticates
users using only SSL/TLS client certificates. The certificates would refer
to users by their database user IDs. It seems to me there is not yet any
means for a web server to pass user ID to the database without forcing
the user to log in after connecting to the web server. Am I missing something?</DT>
<DT> </DT>
<DT>Thanks,</DT>
<DT> </DT>
<DT>Paul</DT>
</BODY>
</HTML>
------------1F6516CC7D241--
