WWW access and ensuring confidentiality

From: Dave_Raggett <dsr@hplb.hpl.hp.com>
Message-id: <9304021706.AA20689@manuel.hpl.hp.com>
Subject: WWW access and ensuring confidentiality
To: www-talk@nxoc01.cern.ch
Date: Fri, 2 Apr 93 18:06:51 BST
Cc: sfk@hplb.hpl.hp.com
Mailer: Elm [revision:]
Here at Hewlett Packard, we need a way of preventing unauthorised
access to information, but want to take advantage of the WWW for
sharing information with colleagues.

Please give me your comments on our proposed solution.

I am working on a solution that makes use of UNIX's established
security mechanisms and makes it easy for non-technical types
to manage things for themselves without the need to call out
the support staff.

Each web server can be run in two modes depending on a command line switch:

  Mode 1

    a)  all world readable files are accessible
    b)  systems in the .rhosts file are treated appropriately
    c)  all other files require a user name & password

  Mode 2

    a)  systems in the .rhosts file are treated appropriately
    b)  otherwise all files 

The Authorisation: field in HTTP2 is used to carry the username
and password, e.g.

    Authorisation: user fred:secret

Where "user" identifies the following as being username:password
which must refer to a valid user account on the host system. This
approach avoids the need for people to manage special configuration files.
We may also add a file similar to the .rhosts file but specific to the web.

The browser keeps track of which system/protocol needs what user name/
password, and so only asks you once for each system per session. I am
also looking at using X11's interprocess communication facilities so
that multiple concurrent invocations of the browser can share the
same info to further minimise the pain.

The same approach is also used for our gateway from our closed subnet
to the rest of the world. This gateway relays tcp connections, but doesn't
accept requests to connect from the outside. I hence have to use ftp in
the passive mode.

In the future we will investigate more flexible approaches such as Kerberos
that avoid sending passwords in clear (unlike most UNIX apps such as ftp,
rlogin etc.).

Dave Raggett

Hewlett Packard Labs, Bristol, UK

    +44 272 228046
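
A sketch of the Mode 1 decision and the `Authorisation: user fred:secret` field described in the message above, added here as an illustration and not code from the original post. The trusted-host set, the in-memory account table, the function names and the reading of "treated appropriately" as "allowed without a password" are all assumptions.

```python
import hmac
import stat

# Constructed sample data (assumptions, not from the original message):
# hosts as they might be listed in .rhosts, and a stand-in account table.
# A real server would check the host system's own user accounts instead.
TRUSTED_HOSTS = {"trusted.example"}
ACCOUNTS = {"fred": "secret"}


def parse_authorisation(line):
    """Parse 'Authorisation: user name:password' into (name, password) or None."""
    field, sep, value = line.partition(":")
    if not sep or field.strip().lower() != "authorisation":
        return None
    scheme, _, credentials = value.strip().partition(" ")
    if scheme != "user":
        return None
    # Split on the first colon only, so a password may itself contain ':'.
    name, sep, password = credentials.strip().partition(":")
    if not sep or not name:
        return None
    return name, password


def mode1_decision(file_mode, client_host, auth_line=None):
    """Return 'allow', 'challenge' (ask for credentials) or 'deny'."""
    if file_mode & stat.S_IROTH:        # a) world-readable file
        return "allow"
    if client_host in TRUSTED_HOSTS:    # b) assumed: listed host needs no password
        return "allow"
    if auth_line is None:               # c) user name and password required
        return "challenge"
    creds = parse_authorisation(auth_line)
    if creds is None:
        return "deny"
    name, password = creds
    expected = ACCOUNTS.get(name)
    if expected is None:
        return "deny"
    # Constant-time comparison avoids leaking how much of the password matched.
    ok = hmac.compare_digest(password.encode(), expected.encode())
    return "allow" if ok else "deny"
```

The field carries the password in clear, as the message itself notes, so the check above only authenticates the user and does nothing for confidentiality on the wire.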