Re: ... may be a dumb question ?

ossinfo_at_osschicago.com
Date: 01/05/04

  • Next message: David Gillett: "RE: XP password and encryption" 
    To: Jimi Thompson <jimit@myrealbox.com>
Date: Mon, 5 Jan 2004 12:16:35 -0600

    Try this content management system, there is a demo on their site, i use
    this for creating secure areas and for "non-techie's" its very simple for
    them to publish content using the system.

    http://www.plainblack.com

    The product is called WebGUI

    Good Luck!

    Tiffany
    Open Source Software Chicago
    http://www.osschicago.com
    ossinfo@osschicago.com

                                                                                                                                           
                          Jimi Thompson
                          <jimit@myrealbox. To: Michael Gale <michael@bluesuperman.com>
                          com> cc: security-basics@securityfocus.com
                                                   Subject: Re: ... may be a dumb question ?
                          01/04/2004 11:51
                          PM
                                                                                                                                           
                                                                                                                                           

    Michael Gale wrote:

    >Hello,
    >
    > I have a question, I want to make a secure web site for me and
    a few
    >people. So this is my crazy design.
    >
    >I setup Apache with PHP and am using mod_ssl. I created my own CA on a
    >linux box. I then created a CSR for the web server and
    >signed it with my CA.
    >
    >Now I give all the people I want to have access to the site my ca.crt
    >and they import it into their browser. So now there browser will accept
    >my site's cert :) with out the warning.
    >
    >Now if they are running a linux / unix box I can have them create a CSR
    >and have my CA sign it. Then they can import that cert into their
    >browser.
    >
    >Now if I understand it correctly when the client accesses my site the
    >server and client will exchange certs and trust each other :) unless I
    >add the user to the CRL.
    >
    >The rest of the traffic will be over SSL ... so is this a secure way of
    >allows access to a directory ?
    >
    >Do you see any problems ?
    >
    >
    >
    >
    Your URL's must all be https:// & not http://

    HTH,

    Jimi

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------

  • Next message: David Gillett: "RE: XP password and encryption"
    • Quantcast