WebStack

docs/securing.html

755:139b1412b9c3
2008-02-03 paulb [project @ 2008-02-03 19:58:01 by paulb] Added measures to permit the usage of non-ASCII characters in plaintexts.
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Securing a WebStack Application</title>
  <link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Securing a WebStack Application</h1>
<p>Making sure that Web applications are "secure" involves many different
aspects of application design, deployment and administration. This
guide currently only covers the usage of the authentication features of
the WebStack API.</p>
<h2>Authentication in WebStack</h2>
<p>There are two principal methods of introducing authentication and applying
access control to WebStack applications:</p>
<ul>
  <li><a href="authenticators.html">Application-Wide Authenticators</a></li>
  <li><a href="login-redirect.html">LoginRedirect and Login Modules</a></li>
</ul>
<p>Here is a comparison of the features of these mechanisms:</p>
<table border="1" cellpadding="5" cellspacing="0">
  <tbody>
    <tr>
      <td></td>
      <th>Application-Wide Authenticators</th>
      <th>LoginRedirect and Login Modules</th>
    </tr>
    <tr>
      <th>Deployment</th>
      <td>
      <ul>
        <li>Some Web server configuration required.</li>
        <li>The application only requires an additional object to be
instantiated to support authentication.</li>
      </ul>
      </td>
      <td>
      <ul>
        <li>An additional login application or resource must be
deployed.</li>
      </ul>
      </td>
    </tr>
    <tr>
      <th>Flexibility</th>
      <td>
      <ul>
        <li>The user experience may seem too inflexible or unfriendly -
users may only get the login dialogue.</li>
        <li>There is also probably no logout function, since it
requires browser support.</li>
        <li>HTTP-style authentication is well understood and supported
when automating client access.</li>
      </ul>
      </td>
      <td>
      <ul>
        <li>The login and logout activities can be customised to suit
the appearance of the rest of the application.</li>
        <li>Many applications can share the same login application,
providing a "single sign-on" experience and potentially reduced
administrative overhead.</li>
      </ul>
      </td>
    </tr>
  </tbody>
</table>
</body>
</html>