Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Website Security.

  • 02-11-2001 3:32pm
    #1
    Registered Users, Registered Users 2 Posts: 1,399 ✭✭✭


    We have an intranet here in the office that is closed off from external access. We have been asked to set it up for external access but with security on certain sensitive pages contained in the site.

    I was wondering which is the best way of setting it up. I have to hear back from the clients what level they want, but was wondering what you would generally use, i.e. standard asp login seems too lax for their purpose, but SSL seems like overkill. I dont know a whole lot about it in fairness, so what do you lads suggest?

    Zero.


Comments

  • Registered Users, Registered Users 2 Posts: 6,265 ✭✭✭MiCr0


    something fancy with acl's perhaps?


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Not enough information.

    Going with an "asp login" as you suggested suggests that you are going to give the capability to view the restricted pages on a per-user basis, whereas your management seems to be of the opinion that anyone on the private network should be able to view the restricted pages regardless of who they are? If you go with a per-user solution, you will need to check that the user is authenticated and authorised on each relevant page on the site.

    Why is one site doing two jobs? If both of them must share a database or a similar resource, can you link a cut down version of the site to the same backend and put it in a DMZ like bedlam suggested? I'd be very wary of taking an application that was designed to be secure enough in a relatively trusted environment and exposing it to the Internet.

    As for SSL, I don't see how that solves this problem at all (unless you're going to distribute certificates to all of your clients, which sounds like too much hassle for this application). Having said that, if you're going to send secret information across the Internet then it might be wise (although, this is what you want to avoid in the first place, right?)

    So, uh, I dunno. I don't even know what you have the infrastructure or budget to support :)

    I don't know what Micr0 is suggesting, but it sounds fancy.


Advertisement