<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Securing a WebStack Application</title>
<link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Securing a WebStack Application</h1>
<p>Making sure that Web applications are "secure" involves many
different aspects of application design, deployment and administration.
This guide currently only covers the usage of the authentication
features of the WebStack API.</p>
<h2>Authentication in WebStack</h2>
<p>There are two principal methods of introducing authentication and
applying access control to WebStack applications:</p>
<ul>
<li><a href="authenticators.html">Application-Wide Authenticators</a></li>
<li><a href="login-redirect.html">LoginRedirect and Login Modules</a></li>
</ul>
<p>Here is a comparison of the features of these mechanisms:</p>
<table border="1" cellpadding="5" cellspacing="0">
<tbody>
<tr>
<td></td>
<th>Application-Wide Authenticators</th>
<th>LoginRedirect and Login Modules</th>
</tr>
<tr>
<th>Deployment</th>
<td>
<ul>
<li>Some Web server configuration required.</li>
<li>The application only requires an additional object to be
instantiated to support authentication.</li>
</ul>
</td>
<td>
<ul>
<li>An additional login application or resource must be
deployed.</li>
</ul>
</td>
</tr>
<tr>
<th>Flexibility</th>
<td>
<ul>
<li>The user experience may seem too inflexible or unfriendly -
users may only get the login dialogue.</li>
<li>There is also probably no logout function, since it
requires browser support.</li>
<li>HTTP-style authentication is well understood and supported
when automating client access.</li>
</ul>
</td>
<td>
<ul>
<li>The login and logout activities can be customised to suit
the appearance of the rest of the application.</li>
<li>Many applications can share the same login application,
providing a "single sign-on" experience and potentially reduced
administrative overhead.</li>
</ul>
</td>
</tr>
</tbody>
</table>
</body>
</html>