Re: Password / access rights check

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 09/08/03 

Date: Mon, 08 Sep 2003 14:28:23 GMT

alex221@pisem.net (Alex Prokhorov) writes:
> I need to add security to my project and haven't done this before.
> What I have to do is to grant different users different levels of
> access to the features of the program. It is clear for me how to do it
> in case of simple allowed/denied access to the program. I just create
> text file with usernames and md5 hash of their passwords. But how and
> where to store access options? I suppose, that access options must be
> encrypted too (or maybe i'm not right?). Additionally i need an option
> for the admin to arbitrarily change access options for users without
> knowing their passwords. Anyone could please direct me. Thanks.

look at internet standard radius ... implementations in addition to
storing userids, authentication information, and authorization
information ... also tend to have infrastructures for managing the
information. also internet AAA (authentication, authorization, and
accounting):
http://www.aaaarch.org/index.html

pointer to current news article on passwords (shared-secrets)
http://www.garlic.com/~lynn/2003m.html#0 Passwords multiply as users' rage

some multics literature includes some discussion that security can't
be added on, it has to be designed in:
http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from the Multics Security Evaluation
http://www.garlic.com/~lynn/2002l.html#44 Thirty Years Later: Lessons from the Multics Security Evaluation

some recent radius discussions
http://www.garlic.com/~lynn/2003b.html#65 Storing digital IDs on token for use with Outlook
http://www.garlic.com/~lynn/2003e.html#59 Security in RADIUS (RFC2865)
http://www.garlic.com/~lynn/2003j.html#25 Idea for secure login

misc. past radius musings:
http://www.garlic.com/~lynn/subpubkey.html#radius 

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/ 
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm

Relevant Pages

  • Password / access rights check
    ... I need to add security to my project and haven't done this before. ... What I have to do is to grant different users different levels of ... text file with usernames and md5 hash of their passwords. ... that access options must be ...
    (sci.crypt)
  • Re: OT: disabling APIs to prevent keystroke logging
    ... I have googled keylogging but there's a ton of info a mostly ads. ... I've dealt with security issues in my work as a software ... Researcher refutes Microsoft's account of hijacked Hotmail passwords ... passwords were obtained in a massive phishing attack. ...
    (alt.sys.pc-clone.dell)
  • RE: passwords in asp pages
    ... and using integrated security for connecting to the database- this will ... remove cleartext passwords from the files. ... grab the raw asp source from the server. ... to facilitate one-on-one interaction with one of our expert instructors. ...
    (Security-Basics)
  • Re: Oh Dear, Where to start?!
    ... > sort of security solution? ... > use, passwords, physical security, backup/disaster ... > admin, network admin, tech support, programming, and ... Theres lots of software out there for backups. ...
    (Security-Basics)
  • Re: Final Year Project Brainstorming
    ... An interesting and always relevant topic is passwords. ... with a real-life scenario where Ubuntu's security is better than Vista ... The computers were very old so they were told they would have to ... Figure the cost of IT person for Vista vs ...
    (Ubuntu)
Quantcast