[Biodevelopers] On security models for networked applications

Joe Landman landman at scientificappliance.com
Thu Apr 25 11:10:10 EDT 2002


On Thu, 2002-04-25 at 11:02, Titus Brown wrote:
> ->   I am thinking about security issues for my networked application. 
> -> Specifically how to authenticate a user properly, so a server can trust
> -> the client talking to it is doing so on behalf of the correct user, and
> -> the client can trust that the server it is talking to in fact represents
> -> a valid server for the application, and can authenticate this.
> 
> Do you want to know about generic network communication, or RPC mechanisms,
> or something over straight HTTP?  (I'm guessing RPC...)

Actually, HTTP would be best, given that this is the transport layer I
am using.

> As you say, the transport can handle the data security, and server
> authentication can be handled by hardcoding the server name <grin>,
> unless you want things to be a bit more flexible, in which case you'll
> have to buy into some sort of distributed authentication framework.

I need to be flexible.  Hardcoding == bad for my application. 
Distributed authentication is what I am looking for.

> As for user authentication, I don't think there's a good generic way to do
> it for generic network communication (this is one of the things that RPC
> mechanisms like SOAP are supposed to help with!).  I can recommend a
> simple reference for how to do it in SOAP, but I haven't used that.
> 
> Of course, if you have a secure transport layer, you can just send a user/pass
> along with every request ;).

What I am trying to avoid is the notion of trust.  From what I have seen
of systems that use trust, there are two states, untrusted and trusted.
The transition between these two states is mediated by a process of
authentication.  This process is usually something related to a login.
Once you are in the trusted state, you can do as you wish.  So a
dedicated cracker/hacker type could figure out some bug somewhere which
forces this transition to occur, enter the trusted state, and then
perform their nefarious acts.  I don't know if it makes sense, but I want
to avoid this trusted state.

If I communicate over a secure link (SSL) to my server, and I send my
userid/password at every transaction, how can I be sure (from the
server's perspective) that I am who I say I am?  Don't I need either a
shared secret (aside from userid/password), or some sort of other
authentication method?

Maybe I am being too paranoid about this.  
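As an added illustration (not code from the original post or the list), the "no persistent trusted state" idea above can be expressed as per-request authentication with a shared secret: the client signs every request with an HMAC over the identity, request line, timestamp, nonce and body, and the server verifies each request independently, keeping no logged-in session. The user name "joe", the secret, and the header names are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed shared secrets, one per user (hypothetical user "joe").
SECRETS = {"joe": b"constructed-demo-secret-do-not-reuse"}


def canonical(user, method, path, ts, nonce, body):
    """Bytes the MAC covers: identity, request line, time, nonce and body."""
    head = f"{user}\n{method}\n{path}\n{ts}\n{nonce}\n".encode()
    return head + body


def sign_request(user, secret, method, path, body, ts=None, nonce=None):
    """Client side: headers that authenticate this one request only."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_hex(8) if nonce is None else nonce
    msg = canonical(user, method, path, ts, nonce, body)
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return {"X-User": user, "X-Ts": str(ts), "X-Nonce": nonce, "X-Sig": mac}


class Verifier:
    """Server side: no session, every request is re-authenticated."""

    def __init__(self, secrets_by_user, window=300):
        self.secrets = secrets_by_user
        self.window = window   # seconds of clock skew tolerated
        self.seen = set()      # (user, ts, nonce) already accepted

    def verify(self, headers, method, path, body, now=None):
        now = int(time.time()) if now is None else now
        user = headers.get("X-User")
        secret = self.secrets.get(user)
        if secret is None:
            return False       # unknown user: nothing to verify against
        try:
            ts, nonce, sig = int(headers["X-Ts"]), headers["X-Nonce"], headers["X-Sig"]
        except (KeyError, ValueError):
            return False
        if abs(now - ts) > self.window:
            return False       # stale request: bounds the replay window
        if (user, ts, nonce) in self.seen:
            return False       # replay of an already accepted request
        msg = canonical(user, method, path, ts, nonce, body)
        expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False       # body, path or identity was altered
        self.seen.add((user, ts, nonce))
        return True
```

In a real server the `seen` set must be pruned of entries older than the window, and the shared secret still has to be distributed out of band; the point is that no request is accepted on the strength of an earlier one.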
