Protect your Web sites with certificates and SSL
Microsoft Internet Information Services (IIS) 5.0 is an extremely scalable, robust, and versatile platform for building both intranet and Internet Web sites. Like most Web servers, it can serve up both static and dynamic Web pages and provide secure communications by using the Secure Sockets Layer (SSL) protocol. Unlike many other Web servers, IIS can leverage the security features of Windows 2000 to authenticate users and authorize their access to content in a fashion that requires no work for the Web developer. One of those security features is the built-in support for certificates. You can issue certificates to both Web servers and end users to effectively enhance and maintain security.
Authenticating Users
Web developers commonly build a database, Web pages, and scripts for the purpose of authenticating users. These items work together to request that users enter their usernames and passwords. A script looks up the username in a database table that contains details about users, including their passwords. If the script finds a matching username, it compares the password the user entered with the password in the table. (If the table stores only hashed passwords for security reasons, a script must hash the password the user entered before comparing it with the one in the table). If the passwords match, the user is considered authenticated. Building your own system to authenticate users becomes more complex when the site must let users manage their accounts or must authorize users before letting them view content. A developer might spend many days or weeks writing complex pages and scripts. One very real danger is that bugs can slip through testing and an intruder can exploit those bugs to bypass the authentication or authorization mechanisms. . . .
jeaster July 13, 2004 (Article Rating: