[4248] in WWW Security List Archive
Re: Web Server Database Access Control
daemon@ATHENA.MIT.EDU (Pat Richard)
Tue Feb 4 18:29:14 1997
Date: Tue, 4 Feb 1997 11:07:56 -0800 (PST)
From: Pat Richard <patr@xcert.com>
To: "mark.e.von.weihe" <mark.e.von.weihe@ac.com>,
paul friedrichs <paul@mnsinc.com>,
www-security <www-security@ns2.rutgers.edu>
In-Reply-To: <Pine.BSF.3.91.970204023251.1913F-100000@mac-50.x509.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Tue, 4 Feb 1997, Pat Richard wrote:
> On 3 Feb 1997, mark.e.von.weihe wrote:
>
> > I don't think you're missing anything. There doesn't seem to be a convenient
> > way to extract anything like a user ID from the client certificate. In the NS
> > Enterprise server, the certificate is available via NSAPI or CGI environmental
> > variable, but it looks like we have to do the decoding and parsing ourselves.
> > This gives you the chance to work with SSLRef or SSLeay, unless someone's
> > written a server plugin or friendly API for this.....
We've written a very friendly server API plugin for this specific purpose.
See http://www.xcert.com.
(flame off, but you asked :-)
> >
> > Mark
> > ______________________________________________________________________
> > To: www-security @ ns2.rutgers.edu @ internet
> > cc: (bcc: Mark E. Von Weihe)
> > From: paul @ mnsinc.com (Paul Friedrichs) @ internet
> > Date: 02/01/97 04:12 AM
> > Subject: Web Server Database Access Control
> > ______________________________________________________________________
> > 1) I am trying to control access to a database using a) the database's
> > own ACLs and b) database user IDs provided by a web front end that
> > authenticates users using only SSL/TLS client certificates. The
> > certificates would refer to users by their database user IDs. It seems
> > to me there is not yet any means for a web server to pass user ID to the
> > database without forcing the user to log in after connecting to the web
> > server. Am I missing something?
> >
> > Thanks,
> >
> > Paul
> >
> >
> >
> >
>
> ----
> Pat Richard
> patr@x509.com
>
>
----
Pat Richard
patr@x509.com
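
The mapping discussed in this thread (client certificate subject to database user ID), sketched as an added example; it is not code from the original messages or from any product mentioned in them. It assumes the web server has already verified the certificate and hands the CGI program the result plus the subject DN as an RFC 2253 string. The variable names SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN are borrowed from Apache mod_ssl, not from the NS Enterprise server, and the user-ID pattern and sample DN are constructed.

```python
import re

# Assumption: database user IDs are short lowercase identifiers.
USER_ID_RE = re.compile(r"[a-z][a-z0-9_]{0,30}")
ESCAPE_RE = re.compile(r"\\([0-9A-Fa-f]{2}|.)")

def split_unescaped(s, sep):
    """Split s on sep, skipping separators preceded by a backslash escape."""
    parts, buf, i = [], "", 0
    while i < len(s):
        step = 2 if s[i] == "\\" else 1      # an escape pair stays together
        if step == 1 and s[i] == sep:
            parts.append(buf)
            buf = ""
        else:
            buf += s[i:i + step]
        i += step
    return parts + [buf]

def unescape(value):
    # Undo RFC 2253 escapes: a hex pair (backslash 2C) or an escaped special.
    decode = lambda m: chr(int(m[1], 16)) if len(m[1]) == 2 else m[1]
    return ESCAPE_RE.sub(decode, value.strip())

def parse_dn(dn):
    """Return [(TYPE, value), ...] for every attribute in the subject DN."""
    attrs = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):      # multi-valued RDNs
            typ, eq, val = ava.partition("=")
            if not eq or not typ.strip():
                raise ValueError("malformed DN component: %r" % ava)
            attrs.append((typ.strip().upper(), unescape(val)))
    return attrs

def db_user_from_env(env):
    """Database user ID from a verified client certificate, else None."""
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":  # assumed variable name
        return None
    try:
        cns = [v for t, v in parse_dn(env.get("SSL_CLIENT_S_DN", "")) if t == "CN"]
    except ValueError:
        return None
    if len(cns) != 1 or not USER_ID_RE.fullmatch(cns[0]):
        return None                                # ambiguous or unsafe ID
    return cns[0]

# Constructed sample environment; the escaped comma belongs to the O value.
SAMPLE_ENV = {"SSL_CLIENT_VERIFY": "SUCCESS",
              "SSL_CLIENT_S_DN": "CN=jdoe,OU=Eng,O=Example\\, Inc."}
```

The returned ID is only as trustworthy as the CA policy behind the certificate, and it should reach the database as a bound parameter or connection credential, never concatenated into SQL.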