On Thu, 2002-04-25 at 11:02, Titus Brown wrote:
> -> I am thinking about security issues for my networked application.
> -> Specifically how to authenticate a user properly, so a server can trust
> -> the client talking to it is doing so on behalf of the correct user, and
> -> the client can trust that the server it is talking to in fact represents
> -> a valid server for the application, and can authenticate this.
>
> Do you want to know about generic network communication, or RPC mechanisms,
> or something over straight HTTP? (I'm guessing RPC...)

Actually, HTTP would be best, given that this is the transport layer I am using.

> As you say, the transport can handle the data security, and server
> authentication can be handled by hardcoding the server name <grin>,
> unless you want things to be a bit more flexible, in which case you'll
> have to buy into some sort of distributed authentication framework.

I need to be flexible. Hardcoding == bad for my application. Distributed authentication is what I am looking for.

> As for user authentication, I don't think there's a good generic way to do
> it for generic network communication (this is one of the things that RPC
> mechanisms like SOAP are supposed to help with!). I can recommend a
> simple reference for how to do it in SOAP, but I haven't used that.
>
> Of course, if you have a secure transport layer, you can just send a user/pass
> along with every request ;).

What I am trying to avoid is the notion of trust. From what I have seen of systems that use trust, there are two states, untrusted and trusted. The transition between these two states is mediated by a process of authentication. This process is usually something related to a login. Once you are in the trusted state, you can do as you wish. So a dedicated cracker/hacker type could figure out some bug somewhere which forces this transition to occur, enter the trusted state, and then perform their nefarious acts.

I don't know if it makes sense, but I want to avoid this trusted state. If I communicate over a secure link (SSL) to my server, and I send my userid/password at every transaction, how can I be sure (from the server's perspective) that I am who I say I am? Don't I need either a shared secret (aside from userid/password), or some sort of other authentication method? Maybe I am being too paranoid about this.
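
The idea raised above of checking every transaction on its own, with a shared secret in addition to the SSL link, could look like the following. This is an added example, not part of the original message; the choice of HMAC-SHA256, the timestamp and nonce fields, and all names (`SECRETS`, `sign_request`, `verify_request`) are assumptions.

```python
import hashlib
import hmac
import time

# Constructed sample data: per-user shared secrets held by client and server.
SECRETS = {"alice": b"constructed-shared-secret"}
MAX_SKEW = 300        # seconds a signed request stays acceptable
_seen_nonces = {}     # (user, nonce) -> timestamp; replay cache, not a login state


def _mac(secret, user, method, path, body, ts, nonce):
    # Length-prefix each field so field boundaries cannot be shifted.
    fields = (user.encode(), method.encode(), path.encode(), body,
              str(ts).encode(), nonce.encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign_request(user, secret, method, path, body, ts, nonce):
    """Client side: auth fields sent with every request; the secret stays local."""
    return {"user": user, "ts": ts, "nonce": nonce,
            "mac": _mac(secret, user, method, path, body, ts, nonce)}


def verify_request(auth, method, path, body, now=None):
    """Server side: decide from this one request; no 'trusted' state is kept."""
    now = time.time() if now is None else now
    secret = SECRETS.get(auth["user"])
    if secret is None:
        return False                       # unknown user
    if abs(now - auth["ts"]) > MAX_SKEW:
        return False                       # stale or future-dated request
    expected = _mac(secret, auth["user"], method, path, body,
                    auth["ts"], auth["nonce"])
    if not hmac.compare_digest(expected.encode(), auth["mac"].encode()):
        return False                       # wrong secret or altered request
    key = (auth["user"], auth["nonce"])
    if key in _seen_nonces:
        return False                       # replay of an earlier request
    _seen_nonces[key] = auth["ts"]
    return True
```
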