Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Website Security.

Options
  • 02-11-2001 4:32pm
    #1
    Zero
    Registered Users Posts: 1,399 ✭✭✭


    We have an intranet here in the office that is closed off from external access. We have been asked to set it up for external access but with security on certain sensitive pages contained in the site.

    I was wondering which is the best way of setting it up. I have to hear back from the clients what level they want, but was wondering what you would generally use, i.e. standard asp login seems too lax for their purpose, but SSL seems like overkill. I dont know a whole lot about it in fairness, so what do you lads suggest?

    Zero.


Comments

  • Options
    #2
    MiCr0
    Moderators, Category Moderators, Technology & Internet Moderators Posts: 6,265 CMod ✭✭✭✭MiCr0


    something fancy with acl's perhaps?


  • Options
    #3
    ecksor
    Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Not enough information.

    Going with an "asp login" as you suggested suggests that you are going to give the capability to view the restricted pages on a per-user basis, whereas your management seems to be of the opinion that anyone on the private network should be able to view the restricted pages regardless of who they are? If you go with a per-user solution, you will need to check that the user is authenticated and authorised on each relevant page on the site.

    Why is one site doing two jobs? If both of them must share a database or a similar resource, can you link a cut down version of the site to the same backend and put it in a DMZ like bedlam suggested? I'd be very wary of taking an application that was designed to be secure enough in a relatively trusted environment and exposing it to the Internet.

    As for SSL, I don't see how that solves this problem at all (unless you're going to distribute certificates to all of your clients, which sounds like too much hassle for this application). Having said that, if you're going to send secret information across the Internet then it might be wise (although, this is what you want to avoid in the first place, right?)

    So, uh, I dunno. I don't even know what you have the infrastructure or budget to support :)

    I don't know what Micr0 is suggesting, but it sounds fancy.


Advertisement