Organizations run web servers because they are an easy way to distribute information to people on the Internet. But sometimes you don’t want to distribute your information to everybody. Why not?
You might have information on your web server that is intended only for employees of your organization.
You might have an electronic publication that contains general-interest articles that are free, and detailed technical articles that are only available to customers who have paid a monthly subscription fee.
You might have confidential technical information that is only for customers who have signed nondisclosure agreements.
You might have a web-based interface to your order-entry system: you can save money by letting your nationwide sales force access the web site using local Internet service providers, rather than having every person make long-distance calls every day, but you need a way of prohibiting unauthorized access.
All of these scenarios have different access control requirements. Fortunately, today’s web servers have a variety of ways to restrict access to information.
There are a variety of techniques that are being employed today to control access to web-based information:
Restricting access by using URLs that are “secret” (hidden) and unpublished
Restricting access to a particular group of computers based on those computers’ Internet addresses
Restricting access to a particular group of users based on their ...