Re: authentication cleanups

Phillip M. Hallam-Baker (hallam@dxal18.cern.ch)
Mon, 14 Nov 1994 11:15:19 +0900


In article <9367@cernvm.cern.ch> you write:

|>> In a way, yes. But truly anal security fiends would say that this is
|>> divulging potentially sensitive information.
|>
|>We would not! :-) We would say "What is your security policy? Is that
|>information world readable?" and "What is the strength of your
|>security system? Is it easy enough to spoof so that it doesn't
|>matter?". Since tcp addresses are spoofable anyway, making security
|>less friendly is only encouraging people to work around it, which
|>makes it less secure. User-friendly security _is_ better security.
|>
|>> They get nervous when you
|>> tell folks the difference between "file not found" and "unauthorized".
|>
|>Only if you've got a Mandatory Access Control policy, that mandates
|>that folks with a Confidential clearance can't know the names of Top
|>Secret files, since their names are Top Secret too. Anybody with this
|>policy isn't using the standard WWW security mechanisms :-).
|>
|>> As long as you're using the basic authentication scheme, you're certainly
|>> not in the league of anal security fiends, and this may be OK.

Which is why the BASIC security scheme is not long for this world (hopefully).
It is just about the one bit of HTTP spec that I would like to explicitly
drop from future specs.

The difference between `file not found' and `not authorised' is siginificant
in some cases but these are rare. For example knowing that
/hallam/docs/skipjack.ps existed would be of interest to some :-)

--
Phillip M. Hallam-Baker

Not Speaking for anyone else.