I dunno. It would seem to me that a security model would be best implemeted
on a circuit-wide basis, so you could have a secure circuit and a public
circuit, much as you would have an SSL directory. With IIS 4.0 on Win NT,
the norm is you set up SSL on a directory-by-directory basis, so it would be
logical to implement a fusebox security model on a circuit-wide basis.
Integration with SSL would be easier.
Alan McCollough
Web Programmer
Alaska Native Medical Center
> -----Original Message-----
> From: Nat Papovich [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 8:55 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: <CF_SECURE>
>
> Is there a difference between
> >1. Securing every Fuseaction in one circuit applications
> and securing access to an entire circuit application?
>
> In implementation, yes. In concept, maybe. The security model would be
> more
> global in aspect, not modularized to the FA.
>
> Hmmm...
>
> There are many more security issues to think about, but they're on a very
> different dimension than what you mentioned. I'm thinking of things like
> multiple logins, use of application.cfm, telnets, click-paths, yucky
> stuff.
>
> Jah love,
> NAT
>
> -----Original Message-----
> From: Steve Nelson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 9:35 AM
> To: Fusebox
> Subject: <CF_SECURE>
>
>
> Minor topic change... let's get off the porn and flaming issues and talk
> about security in general. It's an important topic that needs
> discussing.
>
> I'm writing all the ideas that everyone has been giving me down, and
> will publish them when I'm done. Here are the four main areas that I
> see necessary to secure...
>
> 1. Securing every Fuseaction in one circuit applications
> 2. Securing every Fuseaction in multiple circuit applications
> 3. Securing some Fuseactions in a circuit application, but not all
> 4. Securing certain areas of a single Fuseaction
>
> Does that sound about right to everyone? Am I missing anything? I want
> to try and create a drop-dead easy open-source security module that will
> work in 90% of all Fusebox applications.
>
> The best way I have found to make something work cross application is to
> focus on the concepts, not the implementations. So if you've got
> concepts about how to secure a Fusebox app let's hear them.
>
> Steve
> --------------------------------------------------------------------------
> --
> --
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
> --------------------------------------------------------------------------
> ----
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
