Re: Web server update problem

• To: Frode Hoem <x-frode@nada.kth.se>
• Subject: Re: Web server update problem
• From: "Brian W. Spolarich" <briansp@ans.net>
• Date: Sat, 17 Feb 1996 10:28:41 -0500 (EST)
• cc: www-security@ns2.rutgers.edu
• In-Reply-To: <199602161630.RAA05492@alv.nada.kth.se>

On Fri, 16 Feb 1996, Frode Hoem wrote:

> Security of the web-server is important, therefore some kind of
>  authorization mechanism is needed. Probably that would be 
>  Kerberos or a smart-card solution, any thoughts on this ?

  Bringing up a Kerberos server doesn't involve too much overhead. 
Ideally its a dedicated piece of hardware (BSDI on a Pentium is 
reasonably inexpensive) that only does Kerberos.

  You can then use a srvtab, getsrvtgt, and Kerberized rcp to handle the 
file copying with a reasonable amount of authentication and security.

  A good practice with Kerberos if you're using srvtabs is to use an 
instance instead of just a principal (i.e. www.filecopy instead of just 
www) so that if the srvtab is compromised, the only access gained is to 
this specific operation.

  -brian
--
Brian W. Spolarich - ANS CO+RE Systems - briansp@ans.net - (313)677-7311
  Want strong encryption?  Use ROT26.  Its _twice_ as strong as ROT13.

• Re: Web server update problem
• From: Pete Shipley <shipley@dis.org>

• Web server update problem
• From: Frode Hoem <x-frode@nada.kth.se>

• Previous: Telecommunications Policy Research Conference 1996
• Next: Re: Web server update problem
• Index(es):
  • Index
  • Thread