Re: Securing Data Transfer

From: Hector Diaz (thehec35@netscape.net)
Date: 02/14/03


From: Hector Diaz <thehec35@netscape.net>
Date: Fri, 14 Feb 2003 12:55:32 GMT


Ali-Reza Anghaie wrote:
> Hector Diaz wrote:
>
>>I need to be able to upload information to a server but before I post
>>any information I need to redirect them to a login page we have for our
>>web site. After authentication is complete then post the information
>>and redirect the information to another application sitting on the
>>server. Now all of the sites are HTTPS so the data itself is secure but
>>what I need to ensure is that data will not be posted until they have
>>been authenticated. The data is being uploaded from a PC based
>>application which we are enhancing to have an upload button.
>>
>>Anyone have any ideas how to do this? I have other ideas but our Info
>>Sec team shot some of them down. Need other ideas. Thanks.
>
>
> To give a better answer we'd want a bit of background on your
> infrastructure. Like the authentication schemes available to you, the HTTP
> server you're using, etc.
>
> I'd think something like Apache + WebDAV + LDAP auth... They have to log in
> w/ LDAP w/ big banners click 'yes'.. yada yada.
>
> Apache for the webserver w/ its various modules for authentication. WebDAV
> for a transparent HTTP/HTTPS file interface (drag-&-drop)...
>
> Cheers, -Ali
>

Here is what we have.

Our applications run within our Apache servers and utilize LDAP for
authentication. We are doing Form authentication through a JSP written
by one of our application teams. Behind the firewall we have a
combination of applications written with either Vignette, Servlets
and/or JSP (yup we don't like to leave anything out).

For securing the data all of our applications are protected with SSL.

Anyone attempting to go to a bookmarked page gets redirected to the
login page if they are not already authenticated.

If you need more info please feel free to contact me.

Some other info. The XML we are looking to upload is somewhere from 10K
- 15K in size.

Thanks for the help!!!!

Later, Hector
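
One way to enforce the requirement described in this message, that nothing is accepted until the user is authenticated, is a servlet filter in front of the upload URL. This is an added example, not code from the thread or from the poster's site; the class name, session attribute name, login path and 64 KB cap are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Gate for the upload URL: without an authenticated session the body is never processed.
public class UploadAuthFilter implements Filter {
    // Assumed names: the login JSP is taken to set this session attribute on success.
    private static final String AUTH_ATTR = "authenticatedUser";
    private static final String LOGIN_PATH = "/login.jsp";
    // The XML is described as 10K - 15K; allow headroom and refuse anything larger.
    private static final int MAX_BODY_BYTES = 64 * 1024;

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session for an anonymous caller.
        HttpSession session = request.getSession(false);
        boolean authenticated = session != null && session.getAttribute(AUTH_ATTR) != null;
        if (!authenticated) {
            // Same behaviour as the bookmarked-page case: send the caller to the login page.
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return;
        }
        if (!"POST".equals(request.getMethod())) {
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }
        // Require a declared length so oversized uploads are refused before parsing.
        int length = request.getContentLength();
        if (length < 0) {
            response.sendError(HttpServletResponse.SC_LENGTH_REQUIRED);
            return;
        }
        if (length > MAX_BODY_BYTES) {
            response.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        chain.doFilter(request, response); // authenticated and within size: hand to the application
    }
}
```

Map the filter to the upload URL only. Because an unauthenticated POST is answered with a redirect and its body is dropped, the PC application has to log in first, keep the session cookie, and only then send the XML.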