Re: Is password good enough?

• To: bmanning@isi.edu
• Subject: Re: Is password good enough?
• From: Renegade <renegade@dnaco.net>
• Date: Thu, 11 Apr 1996 23:04:35 -0400
• Cc: www-security@ns2.rutgers.edu

At 09:17 AM 4/10/96 -0700, you wrote:
>> 
>> Mariam Jazayeri asks:
>> 
>> >I would like to know if this group feels password is sufficient for
>> >protecting sensitive information on Web inside the firewalls. 
>> >I know most document servers provide password protection, but I'm not
sure if
>> >that's good enough to protect sensitive information on the Web? 
>> 
>> You might consider additionally requiring connections to be from a
specific IP address. This will give you an additional layer of verification
before admitting a user. 
>> 
>> Mark Davis
>> -------------------------------------
>
>	This approach is flawed, as the general direction of networking is to
>	remove static IP address assignment in favor of dynamic IP allocation.
>
>--bill
>
        It is not all bad!  Many servers (PPP, SLIP, etc) now do dynamic
IP allocation, but I would assume that it is almost always in the same
subnet.  So you could require your connections to come from
a subnet.  

Dave

--
// renegade@dnaco.net
// America Online sent me a great coaster for my
// computer desk, it looks just like a CD-ROM!

• Previous: Restrictions group without ask for the password
• Next: Re: logins to secure web pages
• Index(es):
  • Index
  • Thread