[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Working on a security best practices document

Subject: Re: Working on a security best practices document
From: Luke <..hidden..>
Date: Thu, 4 Feb 2010 13:14:30 -0500 (EST)

After reading your [Chris's] explanation to Michael about the way auth ishandled in 1.3, something occurred to me.

In the current system, the application itself handles all authentication.It deals with the DBM directly on behalf of all users.

In the new system, you are offloading authentication to the web server,and are therefore limited to the auth and encryption schemes offered byApache et al?

I was not following the discussion very closely until the last coupleof messages; apologies.


So what exactly is the sequence of authentication, SSL aside?

I will note re SSL, that I may not want SSL, etc., in an (Open)VPN basedenvironment. Not that it would be too detromental to use, but it is anunnecessary layer with pre-established P2P tunneling.


Forgive my playing catchup.

Luke

Follow-Ups:
- Re: Working on a security best practices document
  - From: Chris Travers

References:
- Working on a security best practices document
  - From: Chris Travers
- Re: Working on a security best practices document
  - From: Michael Richardson
- Re: Working on a security best practices document
  - From: Chris Travers
- Re: Working on a security best practices document
  - From: Michael Richardson
- Re: Working on a security best practices document
  - From: Chris Travers
- Re: Working on a security best practices document
  - From: Michael Richardson
- Re: Working on a security best practices document
  - From: Chris Travers

Prev by Date: Re: Working on a security best practices document
Next by Date: Re: Working on a security best practices document
Previous by thread: Re: Working on a security best practices document
Next by thread: Re: Working on a security best practices document
Index(es):
- Date
- Thread