[Biodevelopers] On security models for networked applications
Joe Landman
landman at scientificappliance.com
Thu Apr 25 11:10:10 EDT 2002
On Thu, 2002-04-25 at 11:02, Titus Brown wrote:
> -> I am thinking about security issues for my networked application.
> -> Specifically how to authenticate a user properly, so a server can trust
> -> the client talking to it is doing so on behalf of the correct user, and
> -> the client can trust that the server it is talking to in fact represents
> -> a valid server for the application, and can authenticate this.
>
> Do you want to know about generic network communication, or RPC mechanisms,
> or something over straight HTTP? (I'm guessing RPC...)
Actually, HTTP would be best, given that this is the transport layer I
am using.
> As you say, the transport can handle the data security, and server
> authentication can be handled by hardcoding the server name <grin>,
> unless you want things to be a bit more flexible, in which case you'll
> have to buy into some sort of distributed authentication framework.
I need to be flexible. Hardcoding == bad for my application.
Distributed authentication is what I am looking for.
> As for user authentication, I don't think there's a good generic way to do
> it for generic network communication (this is one of the things that RPC
> mechanisms like SOAP are supposed to help with!). I can recommend a
> simple reference for how to do it in SOAP, but I haven't used that.
>
> Of course, if you have a secure transport layer, you can just send a user/pass
> along with every request ;).
What I am trying to avoid is the notion of trust. From what I have seen
of systems that use trust, there are two states, untrusted and trusted.
The transition between these two states is mediated by a process of
authentication. This process is usually something related to a login.
Once you are in the trusted state, you can do as you wish. So a
dedicated cracker/hacker type could figure out some bug somewhere which
forces this transition to occur, enter the trusted state, and then
perform their nefarious acts. I don't know if it makes sense, but I want
to avoid this trusted state.

If I communicate over a secure link (SSL) to my server, and I send my
userid/password at every transaction, how can I be sure (from the
server's perspective) that I am who I say I am? Don't I need either a
shared secret (aside from userid/password), or some sort of other
authentication method?

Maybe I am being too paranoid about this.
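
The idea raised in this message, authenticating every transaction with a shared secret rather than moving a client into a trusted state at login, shown as an added example that is not part of the original post or thread. The names `USER_KEYS`, `sign_request` and `verify_request`, the field layout and the 300-second window are assumptions made for illustration; the secret is assumed to be provisioned out of band and the request is still assumed to travel over SSL.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: per-user shared secrets provisioned out of band.
USER_KEYS = {"alice": b"constructed-demo-key-not-a-real-secret"}
MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed value)
_seen_nonces = {}  # (user, nonce) -> timestamp, used only to reject replays


def _mac(key, user, method, path, ts, nonce, body):
    # Length-prefix each field so distinct requests never serialize identically.
    parts = [user.encode(), method.encode(), path.encode(),
             str(ts).encode(), nonce.encode(), body]
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_request(user, key, method, path, body, now=None):
    """Client side: build the auth fields sent along with one HTTP request."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return {"user": user, "ts": ts, "nonce": nonce,
            "mac": _mac(key, user, method, path, ts, nonce, body)}


def verify_request(auth, method, path, body, now=None):
    """Server side: decide on this request alone; no login state is consulted."""
    now = int(time.time() if now is None else now)
    key = USER_KEYS.get(auth.get("user"))
    if key is None:
        return False
    try:
        ts, nonce, mac = int(auth["ts"]), str(auth["nonce"]), str(auth["mac"])
    except (KeyError, TypeError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW:
        return False
    expected = _mac(key, auth["user"], method, path, ts, nonce, body)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False
    # Forget expired nonces, then refuse any nonce already used in the window.
    for k in [k for k, t in _seen_nonces.items() if now - t > MAX_SKEW]:
        del _seen_nonces[k]
    if (auth["user"], nonce) in _seen_nonces:
        return False
    _seen_nonces[(auth["user"], nonce)] = ts
    return True
```

The secret itself never crosses the wire, and a captured request cannot be replayed, altered, or redirected to another path without failing verification.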