[Previous] [Next] [Index]
[Thread]
Re: Is password good enough?
At 09:17 AM 4/10/96 -0700, you wrote:
>>
>> Mariam Jazayeri asks:
>>
>> >I would like to know if this group feels password is sufficient for
>> >protecting sensitive information on Web inside the firewalls.
>> >I know most document servers provide password protection, but I'm not
sure if
>> >that's good enough to protect sensitive information on the Web?
>>
>> You might consider additionally requiring connections to be from a
specific IP address. This will give you an additional layer of verification
before admitting a user.
>>
>> Mark Davis
>> -------------------------------------
>
> This approach is flawed, as the general direction of networking is to
> remove static IP address assignment in favor of dynamic IP allocation.
>
>--bill
>
It is not all bad! Many servers (PPP, SLIP, etc) now do dynamic
IP allocation, but I would assume that it is almost always in the same
subnet. So you could require your connections to come from
a subnet.
Dave
--
// renegade@dnaco.net
// America Online sent me a great coaster for my
// computer desk, it looks just like a CD-ROM!