Home page logo
/

webappsec logo WebApp Sec mailing list archives

RE: about portal security
From: "Scovetta, Michael V" <Michael.Scovetta () ca com>
Date: Wed, 9 Jun 2004 09:23:04 -0400

Hi!
  You *really* need to define better what you're asking. What kind of
"security" do you have for the portal? For instance, if it's
basic/digest, then it should be fine on the extranet (assuming you have
users on the outside). If it's NTLM/Kerberos, it may have a problem
going through proxies, so you don't want to use them on extranet sites,
usually. A "portal" is usually nothing more than a fancy iframe
framework, but the portal pages are either:
        http://sub-site.domain.com/page11.html
or
        http://main-portal.domain.com/?get_page=page11.html

In the former, the request goes right to the extranet site, you'll have
to secure it separately. In the later, you can leverage existing
security (assuming that main-portal.domain.com is on the extranet.

So, there's no quick answer there, sorry.

Michael Scovetta
Computer Associates
Application Developer
tel: +1 631 342 3139
cell: +1 813 727 5772
michael.scovetta () ca com

-----Original Message-----
From: info () biledge com [mailto:info () biledge com]
Sent: Wednesday, June 09, 2004 5:27 AM
To: webappsec () securityfocus com
Subject: about portal security

hi,

i need to secure a web portal with 7,000 members. certain pages will
be
extranet
and i am not sure if i will need to secure them separately.
if i have security for the portal, does that mean i have security for
the
extranet
part of the portal too ?
thank you for the helps, thank you for no helps too :)
regards,
bilur






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault