Re: Integrated Windows Authorisation

From: Tim Guy (tim@hurtwood.demon.co.uk)
Date: 02/17/03


From: "Tim Guy" <tim@hurtwood.demon.co.uk>
Date: Mon, 17 Feb 2003 17:43:37 -0000


I understand. Thank you very much for your time in fully explaining this. It
has been very helpful. I'm sorry if I confused!

Tim

"Stephen L Nicoud" <nicouds@hotmail.com> wrote in message
news:#SpS20S1CHA.676@TK2MSFTNGP11.phx.gbl...
You still aren't answering my question. Let me try it a different way.
I'll put down what I think you might be asking for and you correct me where
I've got it wrong.

Each user has a folder. The ONLY ones who are allowed to read or
update/modify the contents of those folders are the user for whom they are
designated and the administrators of the web server. In no circumstances
will a user want to share the data in their folder with someone else. It is
important that no one be able to read a user's data so the data must be
protected from eavesdropping by a packet sniffer or other device on the
network.

If the above is true, then end-to-end encryption would meet the need for
protecting the data in transit. SSL would be the easiest method to obtain
that encryption.

As to whether to use Integrated Windows Authentication (NT
Challenge/Response) (IWA/NTCR) or Basic Authentication it depends on several
factors. IWA/NTCR is possible if all users were using Internet Explorer
(IE) and that IE does not have to traverse a proxy server to reach your web
server. There may be additional problems to overcome like if the user is
logged on to a domain that is not trusted by your web server. Basic
Authentication works with the vast majority of browsers. The major downside
to Basic Authentication is that the username and password are transmitted
with each request. With SSL you can protect those credentials in transit,
but if you have other web-based applications on your web server that you
don't control or can't trust then it may be possible for those applications
to capture the username and password.

"Tim Guy" <tim@hurtwood.demon.co.uk> wrote in message
news:sB23a.2894$MD6.1332641@newsfep2-win.server.ntli.net...
> A User has a home area. Accessible on the LAN, or by WebDav over the
> internet. The File system security is set on that folder for the user of
> the home area and administrators. No one else.
>
> Yes, it would be good for the home area user/owner to have
> read/write/update access as if they were on the LAN.
>
> The only tricky bit is how and what to use for the security Integ Windows
> Auth or SSL!!
>
> Tim
>
>
> "Stephen L Nicoud" <nicouds@hotmail.com> wrote in message
> news:O$cgBhu0CHA.2184@TK2MSFTNGP09...
> When you say "person who access to a home area is its user" do you mean
> read and write/update access or just write/update access?
>
> "Tim Guy" <tim@hurtwood.demon.co.uk> wrote in message
> news:#NAEygm0CHA.2564@TK2MSFTNGP12...
> > I'm just interested in making sure the only person who access to a home
> > area is its user (and admins), and making sure password information won't
> > get picked up on its way from the client to the server.
> >
> > I haven't really decided on the firewall yet. More than likely a firewall
> > with some kind of NAT. I'm trying different situations at the moment.
> >
> > I take it there are problems running Integ Windows Autho behind some of
> > those methods you mentioned?
> >
> > Regards
> >
> > Tim
> >
> >
> >
> > "Stephen L Nicoud" <nicouds@hotmail.com> wrote in message
> > news:eiZE1Uk0CHA.1624@TK2MSFTNGP11...
> > Are you interested in restricting who can read these Web folders or are
> > you merely interested in controlling who can write to these Web folders
> > or both?
> >
> > When accessing the Web folders through your firewall, do you go through a
> > proxy (e.g., reverse proxy) or are you doing something with a NAT device
> > or something else?
> >
> > "Tim Guy" <tim@hurtwood.demon.co.uk> wrote in message
> > news:HDa2a.1598$MD6.580530@newsfep2-win.server.ntli.net...
> > > I'm looking at wanting to publish some Web folders (behind a firewall)
> > > for users' home areas. Remotely a user goes to an HTML page, which asks
> > > for their name, this kicks off some script which simply takes the user to
> > > http:\\server\username as a WebDav folder. At this I'm going to use
> > > Integrated Windows Authorisation and the NTFS security to allow only
> > > the correct user access.
> > >
> > > Am I stupid? Is this not secure enough? Should I be looking at it from
> > > another way.
> > >
> > > I want these files and folders accessible from wherever. Home, Work,
> > > Cyber Cafe, Etc.
> > >
> > > Cheers in advance
> > >
> > > Tim
> > >
> > >
> > >
> >
> >
> >
>
>
>
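
Added example, not part of the original thread: a small Python check that applies the reasoning in Stephen Nicoud's reply (SSL for data in transit, Basic Authentication sending credentials with each request, IWA/NTCR and proxies) to a folder's URL and its WWW-Authenticate headers. The host name, account, password and finding codes are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit

def schemes_offered(www_authenticate):
    """Lower-cased scheme names from a list of WWW-Authenticate header values."""
    return {v.split(None, 1)[0].lower() for v in www_authenticate if v.strip()}

def basic_credentials(authorization):
    """Recover (user, password) from a Basic Authorization header value.
    Base64 is an encoding, not encryption: whatever sees the request can do this."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    user, _, password = base64.b64decode(token.strip()).decode("utf-8").partition(":")
    return user, password

def audit(url, www_authenticate, via_proxy=False):
    """Return finding codes for one WebDAV folder, following the reply's reasoning."""
    tls = urlsplit(url).scheme.lower() == "https"
    schemes = schemes_offered(www_authenticate)
    findings = []
    if not tls:
        findings.append("data-unencrypted")  # file contents can be sniffed in transit
    if "basic" in schemes:
        # Sent with every request; SSL protects it on the wire only, not from
        # other applications running on the same web server.
        findings.append("basic-visible-to-server-apps" if tls
                        else "basic-cleartext-on-wire")
    if via_proxy and schemes & {"ntlm", "negotiate"}:
        findings.append("iwa-may-fail-through-proxy")
    if not schemes:
        findings.append("no-authentication-offered")
    return findings

# Constructed sample input (hypothetical host and account, not from the thread).
SAMPLE_HEADER = "Basic " + base64.b64encode(b"tim:example-password").decode("ascii")

if __name__ == "__main__":
    print(basic_credentials(SAMPLE_HEADER))
    print(audit("http://server.example/tim", ["Negotiate", "NTLM"], via_proxy=True))
    print(audit("http://server.example/tim", ['Basic realm="home"']))
    print(audit("https://server.example/tim", ['Basic realm="home"']))
```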


