[Courses] Web Database Security
Kai MacTane
kmactane at GothPunk.com
Thu May 2 14:03:43 EST 2002
At 5/1/02 06:22 PM , Dave North wrote:
>Kai:
> > Any ideas? What would be the most secure, and yet most convenient, way to
> > do this?
>
>It would be way beyond me to suggest "most secure," as I'd have no idea.
>But I do know you could put access to your database in a subdirectory of
>the http root, then allow access only to a limited group. Perhaps the
>easiest "selection agent" would be IP address, if that's granular enough.
>Use both that and machine name, and you'd be getting pretty tight.

Actually, neither of those is quite granular enough for my purposes. Some
of the people I've got my eye on as potential database editors/contributors
live overseas, and may be coming through ISP dial-ups. I pretty much need
this to be granular by person, not by computer.

Not only can I not assume that any of the contributors have static IPs, I
also can't assume that someone coming from a given static IP is necessarily
my contributor. For example, my house involves a bunch of Windows machines
on a LAN behind a Linux firewall that NATs all those Winboxen to one IP.
It's always conceivable that one of my contributors lives in a similar
situation, with a roommate known for nasty practical jokes...

So I'm figuring some sort of username/password access method. But, I could
do something where, when someone authenticates with a given
username/password combo, the cookie they get as a result is set to only be
allowed from that IP address.

--Kai MacTane
----------------------------------------------------------------------
"Fighting back the tears, mother reads the note again,
Sixteen candles burn in her mind..."
--Depeche Mode,
"Blasphemous Rumours"
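
The scheme described in the message above (a cookie issued after a username/password login and honoured only from the IP address it was issued to), sketched as an added example that is not part of the original post. The key, the lifetime, the cookie layout and the function names are all assumptions made for the illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
SESSION_TTL = 3600                    # assumption: sessions last one hour


def _sign(payload: str) -> str:
    """HMAC-SHA256 over the payload so the client cannot alter any field."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(username: str, client_ip: str, now: Optional[float] = None) -> str:
    """Build the cookie value. Call only after the password check has succeeded."""
    if "|" in username or "|" in client_ip:
        raise ValueError("field separator not allowed in username or address")
    issued = time.time() if now is None else now
    payload = f"{username}|{client_ip}|{int(issued + SESSION_TTL)}"
    return f"{payload}|{_sign(payload)}"


def verify_cookie(cookie: str, client_ip: str, now: Optional[float] = None) -> Optional[str]:
    """Return the username if the cookie is authentic, unexpired and presented
    from the address it was issued to; otherwise return None."""
    try:
        payload, mac = cookie.rsplit("|", 1)
        username, bound_ip, expires = payload.split("|")
        expires_at = int(expires)
    except ValueError:
        return None  # malformed cookie
    # Constant-time comparison; a forged or edited cookie fails here.
    if not hmac.compare_digest(mac.encode(), _sign(payload).encode()):
        return None
    current = time.time() if now is None else now
    if current >= expires_at:
        return None  # expired: the user has to log in again
    if bound_ip != client_ip:
        return None  # presented from a different address than the login
    return username
```

A contributor whose dial-up address changes has to log in again, and two machines behind the same NAT address look identical to this check, so the binding supplements the password rather than replacing it.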