Friday, December 4, 2009

Which authentication method should you use?

You want to enforce the most secure authentication method available for your Web server that allows users to type a user name and password. All users that require access to the web site use the latest version of Netscape or Internet Explorer as their browser. You want to provide the fastest possible response to users. Which authentication method should you use?






Basic authentication over SSL. Do they really teach you that stuff in school these days?






.htaccess :)



www.dynamicdrive.com and www.dangerstudio.com have good htaccess generators if you don't know how to set one up, unless you want to go through your hosting control panel.



Good luck

The most secure approach I know of can be rather tricky: it involves creating a "PKI" certificate and loading the certificate into each browser that accesses the site.



The PKI is signed with a private key that you have (stored OFF the internet, I might add); you also keep a PUBLIC key stored on the web server.



Your website user then imports the PKI file into their web browser, the certificate is verified (was it signed with your key?) and if so, you allow them access to your application.



No password or username is required, as this approach ensures that the person has a key that you signed. (it is still possible the PKI file is "stolen" but the same can be said of passwords)



You can give each person a unique PKI file, with a CN field set so that you can later revoke it. (or just have the application refuse access to it)



Only web browsers that have had the PKI files imported are allowed to log in.



For more information, do a search on ask.com (or other search engine) for "PKI"



(I should mention, my product "GenieGate" does not use PKI based authentication, as it is a rather special case approach.)
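
The client-certificate scheme described in the last answer above, as an added example that is not part of the original post: a private CA issues one certificate per user with a unique CN, and the server side accepts a certificate only if it chains to that CA and its CN is not on a deny list. It assumes the `openssl` command-line tool is installed; the CA names, user CNs, file names and the `REVOKED_CNS` list are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-user client certificates issued by a private CA.
# CA subjects, user CNs and the deny list below are constructed sample values.
set -eu

WORK=$(mktemp -d)
REVOKED_CNS="bob"   # constructed deny list the application consults

# Create a CA key pair. The .key file stays offline; only the .pem goes on the web server.
make_ca() {   # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue a certificate for one user, signed by the named CA, with a unique CN.
issue_cert() {   # $1 = CA prefix, $2 = user CN
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 30 -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.pem" 2>/dev/null
}

# Server-side decision: the certificate must chain to our CA and its CN must not be revoked.
check_access() {   # $1 = path to the presented certificate
  openssl verify -CAfile "$WORK/site-ca.pem" "$1" >/dev/null 2>&1 \
    || { echo "deny-untrusted"; return 0; }
  cn=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *CN=//')
  for r in $REVOKED_CNS; do
    if [ "$cn" = "$r" ]; then echo "deny-revoked"; return 0; fi
  done
  echo "allow:$cn"
}

make_ca site-ca "Example Site CA"
make_ca other-ca "Some Other CA"
issue_cert site-ca alice       # valid user
issue_cert site-ca bob         # signed by us, but on the deny list
issue_cert other-ca mallory    # signed by a CA the server does not trust
for u in alice bob mallory; do
  echo "$u -> $(check_access "$WORK/$u.pem")"
done
```

In a real deployment the web server performs the chain check during the TLS handshake and passes the verified subject to the application, which then applies the per-CN decision.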
